Install Access Gateway

You can install one or more instances of smsps on the same computer. If the installation is successful, the installer installs the Access Gateway Configuration Wizard.
casso1283
You can install one or more instances of 
Access Gateway
 on the same computer. If the installation is successful, the installer installs the Access Gateway Configuration Wizard.
 
 
3
 
 
Hardware Requirements 
Computers hosting 
SiteMinder
 agents require the following hardware:
  •  
    Windows operating environment requirements
    Access Gateway operating on Windows operating environments require the following hardware:
    • CPU: x64
    • Memory: 2-GB system RAM.
    • Available disk space:
    • 2-GB free disk space in the installation location.
    • .5-GB free disk space in the temporary location.
  •  
    UNIX operating environment requirements
    Access Gateway operating on UNIX operating environments require the following hardware:
    • CPU:
      • Red Hat operating environment: x64
    • Memory: 2-GB system RAM.
    • Available disk space:
      • 2-GB free disk space in the installation location.
      • .5-GB free disk space in /temp.
Verify Prerequisites
Before you install 
Access Gateway
, verify the following prerequisites:
  • We recommend that you do not install 
    Access Gateway
     on the computer where Policy Server is installed.
  •  
    JDK
    —Verify that you installed the supported 64-bit JDK. You can use AdoptOpenJDK HotSpot JVM or a licensed Oracle JDK version. Verify the supported Java version on the Platform Support Matrix
  •  
    (Oracle JDK) JCE—Verify that JRE supports unlimited key strength in the Java Cryptography Extension (JCE) package.
    For JDK 1.8_161 and later, no additional steps are required.
    For JDK 1.8_151 to 1.8_160, perform the following steps:
    1. Navigate to the 
      jdk_home
      /jre/lib/security directory and open the 
      java.security
       file.
    2. Uncomment the following line:
       
      crypto.policy=unlimited
       
    3. Save the file.
    For the other previous versions of JDK, perform the following steps:
    1. Locate the JCE package for your operating system from the Oracle website.
    2. Download the unlimited JCE package for the Java version that is supported by 
      Access Gateway
    3. Navigate to the 
      jdk_home
      \jre\lib\security directory on your system and apply the patch to the following files:
      • local_policy.jar
      • US_export_policy.jar
Note:
 
 jdk_home
 specifies the location of the Java installation.
On Linux, verify that the following additional prerequisites are met:
  • The folder where you install 
    Access Gateway
     must have sufficient permissions (755).
    • If you are installing 
      Access Gateway
       as root user:
      • Ensure that the directory to be used for  
        Access Gateway
         registry is created before installation.
      • Ensure that the root user who installs 
        Access Gateway
         has read and write permissions on the selected directory that is used as 
        Access Gateway
         registry.
      • Ensure that you provide 
        nobody
         as the user name when prompted for Apache and Tomcat user during installation. If you prefer not to run 
        Access Gateway
         as 
        nobody
         user, then create an alternate user and assign the necessary permissions.
    • If you are installing 
      Access Gateway
       as non-root User:
      • Ensure that the directory to be used for 
        Access Gateway
         registry is created before installation.
      • Ensure that the non-root user who installs 
        Access Gateway
         has read and write permissions on the selected directory that is used as 
        Access Gateway
         registry.
      • Ensure that you provide the non-root user name (xyz) when prompted for Apache and Tomcat user during installation.
        Note:
         Apache & Tomcat user name is the name of the user (xyz) who installed and configured 
        Access Gateway
        .
  • Ensure that you create and maintain one 
    Access Gateway
     registry location to track all the instances of 
    Access Gateway
     installed on a machine. Prior to release 12.8, 
    /opt/etc
     was the default location path provided for 
    Access Gateway
     Registry. Now that the path is configurable from release 12.8, user can use the chosen configurable location path for 
    Access Gateway
     registry for all subsequent 
    Access Gateway
     installs.
  • Ensure that you verify any existing instances of 
    Access Gateway
     and its registry location and provide the same 
    Access Gateway
     registry location for a fresh 
    Access Gateway
     installation. Also, ensure that the current logged in user has write permissions on the registry location.
  • Increase the source of randomness for the entropy pool. Use one of the following options:
    •  (Most secure) Install a 
      hardware entropy generator
       and configure the rngd daemon to populate /dev/random by entering the following command:
      rngd -r /dev/
      device_name
      -o /dev/random -b
       
      device_name
       is character device in use. The device name varies depending on the hardware random number generator that you are using, for example, /dev/hwrng.
      For more information about the rngd daemon, see the Red Hat documentation.
      • (Good security) Configure the rngd daemon to populate /dev/random by entering the following command:
        rngd -r /dev/urandom -o /dev/random -b
        Third-party alternatives to the rngd entropy daemon are also available.
      • (Least secure) Configure a symbolic link between /dev/urandom and /dev/random by entering the following commands:
        mv /dev/random /dev/random.org
        ln -s /dev/urandom /dev/random
On Solaris, ensure that the following additional prerequisites are met:
  • Configure the following parameters in the httpd.conf file:
    • KeepAlive
      : Defines that multiple requests to same TCP connection are allowed.
      Default
      : On
    • MaxKeepAliveRequests
      : Defines the number of requests a connection can serve when KeepAlive is On.
    • KeepAliveTimeout
      : Defines the time in seconds a connection will wait for a subsequent request when KeepAlive is On
  • Configure the following parameter in the mpm_worker_module section of the httpd-mpm.conf file:
    MaxConnectionsPerChild
    : Defines the number of connections that each child process can handle. The child process dies after reaching the set limit.
    Default
    : 0 
     For more information about the parameters, see Apache documentation. 
Install 
Access Gateway
 
You can install 
Access Gateway
 on Windows or UNIX. 
Access Gateway
 sets the instance name of the first installation as 
default
. You cannot modify the default value or cannot use the same name for any other instance.
Install on Windows
 
Follow these steps:
 
  1. Download the installer from CA Support.
  2. Double-click 
    ca-proxy-version-win64.exe
    , and select
     Run as administrator
    .
  3. Review the prerequisites that are required for proceeding with the installation.
  4. Click 
    Next
     when you are ready. 
  5. Accept the license agreement and click 
    Next
    .
  6. Specify the installation location and click 
    Next
    .
  7. Select the Java binary that is in the bin folder of the JDK installation. You can use AdoptOpenJDK HotSpot JVM or a licensed Oracle JDK version.
    For example
    : C:\Program Files\Java\jdk1.8.0_51\bin\java.exe
  8. Click 
    Next
    .
  9. Review the installation summary and click 
    Install
    .
  10. Click 
    Done
     when the installation is complete.
Install on UNIX
 
Follow these steps:
 
  1. Download the following installer from CA Support:
    Linux: ca-proxy-12.6-rhas64.bin
  2. Execute the following command to initiate the installer:
    Linux: sh ca-proxy-12.6-rhas64.bin
  3. Review the installation requirements and press 
    Enter
     to continue.
  4. Follow the screen prompt to read the license agreement.
  5. Type 
    Y
     when prompted to accept the license agreement and press Enter.
  6. Click 
    Choose
     to choose a folder for 
    Access Gateway
     registry and click 
    Next
    .
  7. Specify the installation location and press 
    Enter
    .
  8. Type the number corresponding to the Java binary that is in the bin folder of the JDK installation, and press 
    Enter
    .
  9. Review the install summary and press 
    Enter
    .
  10. Exit the installer when the installation is complete.
You can check the InstallLog file to verify that the installation is successful.
Default Location
accessgateway_home
\install_config_info\CA_Access_Gateway_Install_
date
_
time
.log
Install Multiple Instances of 
Access Gateway
 
You can install multiple 
Access Gateway
 instances on the same computer. Each instance uses a unique instance name and port for communication, and creates a separate directory structure and services. 
Install Multiple Instances on Windows
 
Follow these steps:
 
  1. Navigate to the location where you downloaded the installer.
  2. Double-click 
    ca-proxy-version-win64.exe
    .
  3. Review the installation requirements and click 
    Next
  4. Accept the license agreement and click 
    Next
    .
  5. Choose 
    New instance
     as the install type. 
  6. Review the criteria to name an instance and enter a name for the new instance.
  7. Click 
    Next
    .
  8. Specify the installation location and click 
    Next
    .
  9. Select the Java binary that is in the bin folder of the JDK installation. You can use AdoptOpenJDK HotSpot JVM or a licensed Oracle JDK version.
    For example
    : C:\Program Files\Java\jdk1.8.0_51\bin\java.exe
  10. Click 
    Next
    .
  11. Review the installation summary and click 
    Install
    .
  12. Click 
    Done
     when the installation is complete.
  13. (Optional) To install more instances, perform Steps 2-12 on the same computer.
Install Multiple Instances on UNIX
 
Follow these steps
:
  1. Navigate to the location where you downloaded the installer.
  2. Execute the following command to initiate the installer:
    Linux: sh ca-proxy-12.6-rhas64.bin
  3. Review the installation requirements and press 
    Enter
     to continue.
  4. Follow the screen prompt to read the license agreement.
  5. Type 
    Y
     when prompted to accept the license agreement and press 
    Enter
    .
  6. Click 
    Choose
     to choose a folder for 
    Access Gateway
     registry and click 
    Next
    .
  7. Type 
    1
     to install a new instance.
  8. Review the criteria to name an instance, enter a name for the new instance, and press 
    Enter
    .
  9. Specify the installation location and press 
    Enter
    .
  10. Choose the Java binary that is in the bin folder of the JDK installation. Type the number and press 
    Enter
    .
  11. Review the install summary and press 
    Enter
    .
  12. Exit the installer when the installation is complete.
  13. (Optional) To install more instances, perform Steps 2-11 on the same computer.
Proceed with the configuration of each instance.
Reinstall 
Access Gateway
 
You can reinstall 
Access Gateway
 to troubleshoot any configuration issues.
Reinstall on Windows
 
Follow these steps
:
  1. Navigate to the location where you downloaded the installer.
  2. Double-click 
    ca-proxy-version-win64.exe
    .
  3. Review the installation requirements and click 
    Next
    .
  4. Accept the license agreement and click 
    Next
    .
  5. Choose 
    View existing instances
     and click 
    Next
    .
    A list of instances that are installed on the computer is displayed.
  6. Select the instance and click 
    Next
    .
    Access Gateway
     verifies if the selected instance can be reinstalled or upgraded, and displays a message accordingly.
  7. If the selected instance can be reinstalled, click 
    OK
    .
Reinstall on UNIX
 
Follow these steps
:
  1. Navigate to the location where you downloaded the installer.
  2. Execute the following command to initiate the installer:
    Linux: sh ca-proxy-12.6-rhas64.bin
  3. Review the installation requirements and press 
    Enter
     to continue.
  4. Follow the screen prompt to read the license agreement.
  5. Type 
    Y
     when prompted to accept the license agreement and press 
    Enter
    .
  6. Click 
    Choose
     to choose a folder for 
    Access Gateway
     registry and click Next.
  7. Type 
    2
     and press 
    Enter
    .
    A list of instances that are installed on the computer is displayed.
  8. Select the instance and click 
    Next
    .
    Access Gateway
     verifies if the selected instance can be reinstalled or upgraded, and displays a message accordingly. 
  9. If the selected instance can be reinstalled, press 
    Enter
    .
Uninstall 
Access Gateway
 
Uninstall on Windows
 
Follow these steps:
 
  1. Open the command prompt and navigate to the root installation directory.
  2. Execute the following command for each instance you want to uninstall:
    ca-sps-uninstall.cmd
Uninstall on UNIX
 
Follow these steps:
 
  1. Open a console window and navigate to the root installation directory.
  2. Execute the following command to source the 
    Access Gateway
     environment:
    source ca_sps_env.sh
  3. Run the following program:
    ./ca-sps-uninstall.sh
     
    Note
    : If you have modified any files such as server.conf, the uninstall program does not remove these files or their parent folders automatically. You must delete the files and folders manually.