> Installing the Administration Server > Prerequisites

Installing the Administration Server

     Previous  Next    Open TOC in new window  Open Index in new window  View as PDF - New Window  Get Adobe Reader - New Window
Content starts here

Prerequisites

This section describes the prerequisites needed to install the BEA AquaLogic Enterprise Security Administration Server, including system requirements, and prerequisite software and hardware. It does not include information for installing a Security Service Module, for which see Installing Security Service Modules.

The Administration Server requires certain software components to operate properly. Review these requirements carefully before installing the product.

 

System Requirements

Table 3-1 lists the system requirements for the Administration Server.

Note: The machine on which you install the Administration Server must have a static IP address. The IP address is used by the Security Service Modules and Service Control Manager for connectivity. Also, on a Windows platform, the file system must be configured for NTFS and not FAT.

Table 3-1 System Requirements 
Use
Component and Version
Servlet Container
AquaLogic Enterprise Security Administration Server requires that you install one of the following servlet containers prior to installing the product:

Note: Install BEA WebLogic Server in BEA_HOME.

The servlet container requires a Java VM:
  • Sun Java 2 SDK 1.4.2_08 on WebLogic Server 8.1
  • Sun Java 2 JDK 5.0 (JDK 1.5) on WebLogic Server 9.1 or 9.2
  • BEA JRockit 1.4.2_08 SDK on WebLogic Server 8.1, on Windows or Linux
  • BEA JRockit 5.0 (JDK 1.5) on WebLogic Server 9.1 or 9.2, on Windows or Linux
  • See Apache Tomcat Requirements for information about special requirements for Tomcat.
Java Runtime Environment (JRE)
The installation program requires a JRE, which is installed as needed by the servlet container.

Note: The installation process sets JAVA_HOME and related variables to point to the JRE directory. All scripts installed use JAVA_HOME by default.
Policy Store (Database Storage)
  • Oracle 9i Release 2 (9.2.0.5)
  • Oracle 10g Release 1 (10.1.2, 10.2.0.1)
  • Sybase Adaptive Server Enterprise, Version 12.5.2
  • MS-SQL 2000 and 2005
  • PointBase 5.1
Platforms Supported
The BEA AquaLogic Enterprise Security Administration Server runs on any of the following platforms:
  • Intel Pentium compatible with Microsoft Windows 2000 SP4 Professional
  • Intel Pentium compatible with Microsoft Windows 2003 SP1 Professional
  • Intel Pentium compatible with Microsoft Windows 2000 SP4 Server/Advanced Server
  • Intel Pentium compatible with Microsoft Windows 2003 SP1 Server/Advanced Server
  • Sun Microsystems Sparc with Solaris, versions 8, 9, and 10
  • Linux Red Hat Advanced Server, version 3.0
Web Browser
Microsoft Internet Explorer, Version 6.0 or later. In addition, the Java Plug-in for Internet Explorer from the Java Runtime Environment (JRE) 1.4.1 or greater is required for the 8.1 console.
For the 9.x console, the Java Plug-in for Internet Explorer from the Java Runtime Environment (JRE) 5.0 or greater is required.
Display Resolution
A display resolution of 1024 x 768 or higher is recommended when running the Administration Console.
Memory
256 MB of RAM minimum, 512 MB or more is recommended. Each user session requires approximately 5 MB of memory.
Hard Disk Space
About 100 MB free storage space for the installed product (this does not include WebLogic Server or Apache Tomcat storage space).
Refer to the database installation instructions for recommendations on database storage allocation.
Certificates and Keystores
BEA AquaLogic Enterprise Security uses an implementation of the Transport Layer Security (TLS) 1.0 specification (see TLS Protocol). The server hosting the AquaLogic Enterprise Security Administration Server supports TLS on a dedicated listen port that defaults to 7010. To establish a secure connection, a Web browser connects to the Administration Server by supplying the listen port and the secure address (HTTPS) in the connection URL, for example, https://myserver:7010.
Reporting
Optionally, you can use Log4j to configure a reporting application to support auditing features. For further information on how to use Log4j with the Administration Server, see: http://jakarta.apache.org/log4j/docs/.

Apache Tomcat Requirements

If you are using Apache Tomcat, the user performing the AquaLogic Enterprise Security installation must have permission to access the Apache Tomcat directory. Therefore, when you install the Apache Tomcat, you should specify this user as the User Name on the Apache Tomcat Setup: Configuration Options page or assign access permission to this user.

You can use Apache Tomcat with JDK 1.4 or JDK 1.5. Note the following:

Tomcat with JDK 1.4

If you use Tomcat with JDK 1.4, you must also install the JDK 1.4 Compatibility Package, which is required by Tomcat 5.5 and which you can find on the Tomcat 5.5 download page.

Tomcat with JDK 1.5

If you use Tomcat with JDK 1.5, then you need to edit the BEA_HOME/ales25-admin/config/WLESTomcat.conf file to add the following parameter: 

-Djavax.xml.transform.TransformerFactory=com.sun.org.apache.xalan.internal.xsltc.trax.TransformerFactoryImpl

Otherwise Tomcat will use the org.apache.xalan.processor.TransformerFactoryImpl class, resulting in an exception when you attempt to log in to the AquaLogic Enterprise Security Administration Console.

 

Database Pre-Installation Tasks

This section describes pre-installation tasks for using the Oracle, Sybase, Microsoft SQL Server, or PointBase databases with AquaLogic Enterprise Security. Follow the instructions for your chosen database.

Oracle Policy Database and User Creation Instructions

To configure an Oracle policy database, you must create the policy database, create a security role and a user account, and grant the security role and user access. The user account is necessary so that the policy for the instance of the Administration Server managed by this user can have a dedicated storage area allocated in the database instance.

Note: To perform this procedure, you must log into the Oracle database server as a database administrator.

To set up a policy database and a new user account, perform these steps:

  1. To login to the Oracle database server, type:
    2. sqlplus dba/password@ASERVER

    where:

    dba is the username you use to access the database.

    password is your database administrator password.

    ASERVER is the name of the Oracle service (as defined in your tnsnames.ora file).

  2. To configure the policy database, enter the following commands at the SQL> prompt:
    3. SQL>connect sys as sysdba
    SQL>create tablespace DATA datafile `C:/Oracle/oradata/ASI/data.dbf'
    size 10M autoextend on next 1M MAXSIZE 250M;
  3. To create a new role in the database server, type:
    4. SQL> create role asi_role;
    SQL> grant create session to asi_role;
    SQL> grant create table to asi_role;
    SQL> grant create sequence to asi_role; 
    SQL> grant create trigger to asi_role;

    where: asi_role is the new role.

    The following example uses the default tablespaces generated when the Oracle database was first installed, although you can specify any tablespaces.

  4. To set up a new database user account, type:
    5. Note: In this example, you use the default tablespaces generated when you created and configured the Oracle database instance, however, you can specify any tablespaces. 
    SQL> create user username identified by password
    SQL> default tablespace DATA quota unlimited on DATA;

    where:

    username is the name to assign to the new user account.

    password is the password to assign to the new user account.

    unlimited is size of the tablespace (shown here as set to unlimited).

  5. To grant the role with the necessary privileges to the user, at the command prompt, type:
    6. conn sys as sysdba;
    grant asi_role to username;
    commit;

    In this case, you grant SELECT permission to the user you created in step 3. The Oracle database server does not allow you to grant the permission to the asi_role. BEA AquaLogic Enterprise Security uses this dynamic view to check whether one of its tables is currently being accessed. Therefore, the SELECT permission is required.

  6. Exit SQLplus.

Sybase Policy Database and User Creation Instructions

This section describes how to configure a Sybase policy database. You must create the policy database, create a security role and a user account, and grant the security role and user access. The user account is necessary so that the policy for the instance of the Administration Server managed by this user can have a dedicated storage area allocated in the database instance.

To set up the user account, create the login to the Adaptive Server Enterprise database, create the user for policy database, and grant the user privileges to manipulate the policy schema.

Note: BEA strongly recommends that you not use the dbo of the policy database as the policy owner. While it is possible to do so, it requires additional database configuration that is beyond the scope of this guide.

Please refer to Creating Sybase Database Devices if you have not already created the required database devices asi_data_dev and asi_log_dev as shown in this section.

To set up a policy database and a new user account, perform these steps:

  1. Log in as the System Administrator.
  2. At the command prompt, type:

    3. isql -Usa -S server_name

    where: server_name is the database server name.

  3. Enter the following commands:
    4. 1>use master
    2>go
    1>create database sspolicy on asi_data_dev = 250 
    log on asi_log_dev =  250
    2>go

    where: sspolicy is the name of the database. The name sspolicy is used only for the purpose of the example. You can assign any name to the database. In this example, the minimum database sizes, 250 MB, are used. If you choose to use other sizes, enter those sizes instead.

    asi_data_dev and asi_log_dev are the names of the two devices.

  4. To create the ASI Database Login ID, at the isql command prompt, type the following commands:
    5. 1>use master
    2>go
    1>sp_addlogin asi, password, sspolicy, null, "asi login"
    2>go

    where: password must be at least six alphanumeric characters or other characters allowed by Sybase and sspolicy is the name of the default database. If an asi login already exists, you must use the sp_modifylogin command to set its default database to sspolicy.

  5. To create the ASI database user ID, at the isql command prompt, type the following commands:
    6. 1>use sspolicy
    2>go
    1>sp_adduser asi
    2>go
  6. To grant permissions to the ASI database user ID, at the isql command prompt, type the following commands:
    7. 1>use sspolicy
    2>go
    1>grant all to asi
    2>go

General Information on PointBase and Microsoft SQL Server Support

The PointBase and Microsoft SQL Server JDBC drivers are not shipped as part of AquaLogic Enterprise Security 2.5. If you plan to use either the PointBase or Microsoft SQL Server databases, you need to acquire the JDBC drivers before beginning the AquaLogic Enterprise Security 2.5 installation. The drivers are needed so that AquaLogic Enterprise Security 2.5 can populate the database with the tables and default data during installation.

The Oracle and Sybase drivers do ship with AquaLogic Enterprise Security 2.5.

AquaLogic Enterprise Security 2.5 uses Kodo 4.0.1 for database operations. The Kodo documentation is available at http://download.oracle.com/docs/cd/E13189_01/kodo/docs40/index.html.

Pre-installation Tasks for Microsoft SQL Server 2000

This section describes pre-installation tasks fore MSSQL Server 2000.

Microsoft SQL Server JDBC Driver Information

AquaLogic Enterprise Security 2.5 uses the MSSQL 2005 JDBC driver for connectivity to both MSSQL 2000 and MSSQL 2005. The JDBC driver is 100% compatible between both SQL server versions.

You can find the Microsoft SQL 2005 Driver by using the following URL:

http://www.microsoft.com/downloads/details.aspx?FamilyId=6D483869-816A-44CB-9787-A866235EFC7C&displaylang=en

Microsoft SQL Server Database and User Creation Instructions

In the instructions that follow, the Microsoft SQL Enterprise Manager Utility is used to create a database to store AquaLogic Enterprise Security 2.5 policy data, create a user for AquaLogic Enterprise Security 2.5 database connectivity, and to assign database permissions to the user.

The Enterprise Manager can be launched from Programs->Microsoft SQL Server-> Enterprise Manager

  1. Create a database that can store AquaLogic Enterprise Security policy data. To create the database, go to Action->New Database in the Enterprise Manager's file menu.

    2. Set the name for the database

Figure 3-1 shows that a database named asiadmin has been created.

Figure 3-1 Adding a Microsoft SQL Database

Adding a Microsoft SQL Database

  1. Create an AquaLogic Enterprise Security 2.5 database user. This user is used to query and persist data to the policy store.

    2. To create a User, select the "Security Folder" in the left pane of the Enterprise Manager and select "Logins." Right-click on "Logins" and select "New Login..." from the context menu. Figure 3-2 shows the location of the Security folder.

    Figure 3-2 Security Folder Location

Security Folder Location

  1. After selecting "New Login..." the Login Properties dialog box shown in Figure 3-3 appears:
    2. Figure 3-3 Login Properties Dialog Box


    Login Properties Dialog Box

    Perform the following actions:

    1. Set the name of the user
    2. Select the SQL Server Authentication radio button
    3. Create a password for the user
    4. Select the database name that was created in Step 1 from the "Database:" combo box

      5. Click on the "Database Access" tab and find the database that was created in Step, as shown in Figure 3-4. Set the "Permit" column for the database in the "Specify which databases can be accessed by this login" table and set the role for the user as "db_owner" in the "Database roles for 'asiadmin'" table.

      Figure 3-4 Database Access Dialog Box

Database Access Dialog Box

  1. Select the database that was created in Step 1 from the left pane of the Enterprise Security Manger. The database will be located under the "Database" folder. Right-click on the database and select Properties from the context menu. The "database" folder is surrounded by a blue rectangle, as shown in Figure 3-5.
    2. Figure 3-5 Selecting the New Database

Selecting the New Database

  1. Select the permissions tab from the dialog box as shown in Figure 3-6 and make sure the user has the proper permissions on the database (Create table, Create View, and Create Default):
    2. Figure 3-6 Database Permissions

Database Permissions

Pre-installation Tasks for PointBase 5.1

This section describes pre-installation tasks for PointBase 5.1.

Location of PointBase Server in WebLogic Server 9.x

WebLogic Server 9.x ships with a version of PointBase 5.1, which is available in Weblogic_Home/common/eval/pointbase.

Scripts to start PointBase 5.1 and the PointBase Console are available in Weblogic_Home/common/eval/pointbase/tools.

Only PointBase 5.1 is supported. The PointBase version (4.x) that ships as part of WebLogic Server 8.1 is not supported and will not work.

PointBase 5.1 JDBC Driver Information

The JDBC driver for PointBase is bundled with the PointBase server.

If the PointBase Sever that ships as part of WebLogic Server 9.x is used as the database for AquaLogic Enterprise Security 2.5, the JDBC driver is available in Weblogic_Home/common/eval/pointbase/lib/pbclient51.jar.

PointBase SQL Server Database and User Creation Instructions

To configure a policy database, perform the following steps:

  1. Start the PointBase database. The database can be started using the startPointbase.cmd/sh script located in Weblogic_Home/common/eval/pointbase/tools.
  2. Start the PointBase Console. The console can be started by invoking the startPoinyBaseConsole.cmd/sh script located in: Weblogic_Home/common/eval/pointbase/tools.
  3. In the "Connect to Database" dialog box, do the following:
    1. Modify the URL to have the appropriate database name. The URL must be in the following format:

      2. jdbc:pointbase:server://<server>/<database_name>

    2. Enter a user name: asiadmin
    3. Enter a password for the user : password
    4. Select the "Create new database" radio button. This will automatically create a database and user.

      5. The dialog box should look as shown in Figure 3-7.

      Figure 3-7 Confirming the PointBase Configuration Settings

Confirming the PointBase Configuration Settings

    1. Press the "OK" button. The database is created, and can be used by AquaLogic Enterprise Security.
    2. Make sure that the database is up when running the AquaLogic Enterprise Security installer, because the installer connects to the database and installs AquaLogic Enterprise Security-related tables.

 

Licensing

The product software cannot be used without a valid license. When you install the Administration Server, the installation program creates an evaluation license that expires in 90 days.

To use the Administration Server in a production environment, you must purchase a license. For information about purchasing a license, contact your BEA Sales Representative.

 

Requirements for Reinstalling the Administration Server

If you are installing the Administration Server on a computer on which the Administration Server was previously installed, refer to Uninstalling and make sure all of the uninstall steps were completed; otherwise the installation may fail.


  Back to Top       Previous  Next