Install Access Gateway
You can install one or more instances of CA Access Gateway on the same computer. If the installation is successful, the installer installs the Access Gateway Configuration Wizard.
Hardware Requirements
Computers hosting CA Single Sign-on agents require the following hardware:
- Windows operating environment requirements
  Access Gateway operating on Windows operating environments requires the following hardware:
  - CPU: x64
  - Memory: 2-GB system RAM.
  - Available disk space:
    - 2-GB free disk space in the installation location.
    - .5-GB free disk space in the temporary location.
- UNIX operating environment requirements
  Access Gateway operating on UNIX operating environments requires the following hardware:
  - CPU:
    - Red Hat operating environment: x64
  - Memory: 2-GB system RAM.
  - Available disk space:
    - 2-GB free disk space in the installation location.
    - .5-GB free disk space in /temp.
Verify Prerequisites
Before you install CA Access Gateway, verify the following prerequisites:
- We recommend that you do not install CA Access Gateway on the computer where Policy Server is installed.
- JDK: Verify that you installed the supported 64-bit JDK. You can use AdoptOpenJDK HotSpot JVM or a licensed Oracle JDK version. Verify the supported Java version on the Platform Support Matrix.
- (Oracle JDK) JCE: Verify that JRE supports unlimited key strength in the Java Cryptography Extension (JCE) package.
  For JDK 1.8_161 and later, no additional steps are required.
  For JDK 1.8_151 to 1.8_160, perform the following steps:
  - Navigate to the jdk_home/jre/lib/security directory and open the java.security file.
  - Uncomment the following line:
    crypto.policy=unlimited
  - Save the file.
  For earlier versions of JDK, perform the following steps:
  - Locate the JCE package for your operating system from the Oracle website.
  - Download the unlimited JCE package for the Java version that is supported by CA Access Gateway.
  - Navigate to the jdk_home\jre\lib\security directory on your system and apply the patch to the following files:
    - local_policy.jar
    - US_export_policy.jar
  Note: jdk_home specifies the location of the Java installation.
On Linux, verify that the following additional prerequisites are met:
- The folder where you install CA Access Gateway must have sufficient permissions (755).
- If you are installing CA Access Gateway as root user:
  - Ensure that the directory to be used for CA Access Gateway registry is created before installation.
  - Ensure that the root user who installs CA Access Gateway has read and write permissions on the selected directory that is used as CA Access Gateway registry.
  - Ensure that you provide nobody as the user name when prompted for Apache and Tomcat user during installation. If you prefer not to run CA Access Gateway as nobody user, then create an alternate user and assign the necessary permissions.
- If you are installing CA Access Gateway as non-root user:
  - Ensure that the directory to be used for CA Access Gateway registry is created before installation.
  - Ensure that the non-root user who installs CA Access Gateway has read and write permissions on the selected directory that is used as CA Access Gateway registry.
  - Ensure that you provide the non-root user name (xyz) when prompted for Apache and Tomcat user during installation.
    Note: Apache & Tomcat user name is the name of the user (xyz) who installed and configured CA Access Gateway.
- Ensure that you create and maintain one CA Access Gateway registry location to track all the instances of CA Access Gateway installed on a machine. Prior to release 12.8, /opt/etc was the default location path provided for CA Access Gateway registry. Because the path is configurable from release 12.8, you can use the chosen location path for CA Access Gateway registry for all subsequent CA Access Gateway installs.
- Ensure that you verify any existing instances of CA Access Gateway and its registry location and provide the same CA Access Gateway registry location for a fresh CA Access Gateway installation. Also, ensure that the current logged in user has write permissions on the registry location.
- Increase the source of randomness for the entropy pool. Use one of the following options:
  - (Most secure) Install a hardware entropy generator and configure the rngd daemon to populate /dev/random by entering the following command:
    rngd -r /dev/device_name -o /dev/random -b
    device_name is the character device in use. The device name varies depending on the hardware random number generator that you are using, for example, /dev/hwrng.
    For more information about the rngd daemon, see the Red Hat documentation.
  - (Good security) Configure the rngd daemon to populate /dev/random by entering the following command:
    rngd -r /dev/urandom -o /dev/random -b
    Third-party alternatives to the rngd entropy daemon are also available.
  - (Least secure) Configure a symbolic link between /dev/urandom and /dev/random by entering the following commands:
    mv /dev/random /dev/random.org
    ln -s /dev/urandom /dev/random
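The JCE and Linux prerequisites above can be checked from a shell before the installer is started. The following preflight script is an added example, not part of the product or of this documentation; the function names and the paths passed to it are assumptions, and it reports the symbolic-link entropy option as a warning rather than a failure.

```shell
#!/bin/sh
# Added example: preflight checks for the prerequisites listed above.
# Every path is supplied by the caller; none is a product default.

# The install folder must have mode 755 (GNU stat, as shipped on Red Hat).
check_dir_mode() {
    [ -d "$1" ] && [ "$(stat -c '%a' "$1")" = "755" ]
}

# The registry directory must exist before installation and be readable
# and writable by the user who runs the installer (the current user).
check_registry_rw() {
    [ -d "$1" ] && [ -r "$1" ] && [ -w "$1" ]
}

# JDK 1.8_151 to 1.8_160: java.security needs an uncommented
# crypto.policy=unlimited line; a line starting with '#' does not count.
check_jce_unlimited() {
    grep -Eq '^[[:space:]]*crypto\.policy[[:space:]]*=[[:space:]]*unlimited[[:space:]]*$' \
        "$1" 2>/dev/null
}

# True when the random device has been replaced by a symbolic link,
# that is, the "least secure" entropy option is in effect.
random_is_symlink() {
    [ -L "${1:-/dev/random}" ]
}

# Usage: preflight INSTALL_DIR REGISTRY_DIR JAVA_SECURITY_FILE [RANDOM_DEV]
# Returns 0 when every required check passes, 1 otherwise.
preflight() {
    rc=0
    check_dir_mode "$1"      || { echo "FAIL: $1 is not a directory with mode 755"; rc=1; }
    check_registry_rw "$2"   || { echo "FAIL: registry $2 is missing or not read/write"; rc=1; }
    check_jce_unlimited "$3" || { echo "FAIL: crypto.policy=unlimited is not active in $3"; rc=1; }
    if random_is_symlink "${4:-/dev/random}"; then
        echo "WARN: ${4:-/dev/random} is a symbolic link (least secure entropy option)"
    fi
    return "$rc"
}

# Runs only when arguments are given, for example:
#   sh preflight.sh INSTALL_DIR REGISTRY_DIR jdk_home/jre/lib/security/java.security
if [ "$#" -ge 3 ]; then
    preflight "$@"
fi
```

Run it as the same user who will run the installer, because the registry check tests the permissions of the current user.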
On Solaris, ensure that the following additional prerequisites are met:
- Configure the following parameters in the httpd.conf file:
  - KeepAlive: Defines whether multiple requests over the same TCP connection are allowed.
    Default: On
  - MaxKeepAliveRequests: Defines the number of requests a connection can serve when KeepAlive is On.
  - KeepAliveTimeout: Defines the time in seconds a connection waits for a subsequent request when KeepAlive is On.
- Configure the following parameter in the mpm_worker_module section of the httpd-mpm.conf file:
  MaxConnectionsPerChild: Defines the number of connections that each child process can handle. The child process dies after reaching the set limit.
  Default: 0
  For more information about the parameters, see Apache documentation.
Install CA Access Gateway
You can install CA Access Gateway on Windows or UNIX. CA Access Gateway sets the instance name of the first installation as default. You cannot modify the default value or use the same name for any other instance.
Install on Windows
Follow these steps:
1. Download the installer from CA Support.
2. Double-click ca-proxy-version-win64.exe, and select Run as administrator.
3. Review the prerequisites that are required for proceeding with the installation.
4. Click Next when you are ready.
5. Accept the license agreement and click Next.
6. Specify the installation location and click Next.
7. Select the Java binary that is in the bin folder of the JDK installation. You can use AdoptOpenJDK HotSpot JVM or a licensed Oracle JDK version.
   For example: C:\Program Files\Java\jdk1.8.0_51\bin\java.exe
8. Click Next.
9. Review the installation summary and click Install.
10. Click Done when the installation is complete.
Install on UNIX
Follow these steps:
1. Download the following installer from CA Support:
   Linux: ca-proxy-12.6-rhas64.bin
2. Execute the following command to initiate the installer:
   Linux: sh ca-proxy-12.6-rhas64.bin
3. Review the installation requirements and press Enter to continue.
4. Follow the screen prompt to read the license agreement.
5. Type Y when prompted to accept the license agreement and press Enter.
6. Click Choose to choose a folder for CA Access Gateway registry and click Next.
7. Specify the installation location and press Enter.
8. Type the number corresponding to the Java binary that is in the bin folder of the JDK installation, and press Enter.
9. Review the install summary and press Enter.
10. Exit the installer when the installation is complete.
You can check the InstallLog file to verify that the installation is successful.
Default Location: accessgateway_home\install_config_info\CA_Access_Gateway_Install_date_time.log
Install Multiple Instances of CA Access Gateway
You can install multiple CA Access Gateway instances on the same computer. Each instance uses a unique instance name and port for communication, and creates a separate directory structure and services.
Install Multiple Instances on Windows
Follow these steps:
1. Navigate to the location where you downloaded the installer.
2. Double-click ca-proxy-version-win64.exe.
3. Review the installation requirements and click Next.
4. Accept the license agreement and click Next.
5. Choose New instance as the install type.
6. Review the criteria to name an instance and enter a name for the new instance.
7. Click Next.
8. Specify the installation location and click Next.
9. Select the Java binary that is in the bin folder of the JDK installation. You can use AdoptOpenJDK HotSpot JVM or a licensed Oracle JDK version.
   For example: C:\Program Files\Java\jdk1.8.0_51\bin\java.exe
10. Click Next.
11. Review the installation summary and click Install.
12. Click Done when the installation is complete.
13. (Optional) To install more instances, perform Steps 2-12 on the same computer.
Install Multiple Instances on UNIX
Follow these steps:
1. Navigate to the location where you downloaded the installer.
2. Execute the following command to initiate the installer:
   Linux: sh ca-proxy-12.6-rhas64.bin
3. Review the installation requirements and press Enter to continue.
4. Follow the screen prompt to read the license agreement.
5. Type Y when prompted to accept the license agreement and press Enter.
6. Click Choose to choose a folder for CA Access Gateway registry and click Next.
7. Type 1 to install a new instance.
8. Review the criteria to name an instance, enter a name for the new instance, and press Enter.
9. Specify the installation location and press Enter.
10. Choose the Java binary that is in the bin folder of the JDK installation. Type the number and press Enter.
11. Review the install summary and press Enter.
12. Exit the installer when the installation is complete.
13. (Optional) To install more instances, perform Steps 2-11 on the same computer.
Proceed with the configuration of each instance.
Reinstall CA Access Gateway
You can reinstall CA Access Gateway to troubleshoot any configuration issues.
Reinstall on Windows
Follow these steps:
1. Navigate to the location where you downloaded the installer.
2. Double-click ca-proxy-version-win64.exe.
3. Review the installation requirements and click Next.
4. Accept the license agreement and click Next.
5. Choose View existing instances and click Next.
   A list of instances that are installed on the computer is displayed.
6. Select the instance and click Next.
   CA Access Gateway verifies if the selected instance can be reinstalled or upgraded, and displays a message accordingly.
7. If the selected instance can be reinstalled, click OK.
Reinstall on UNIX
Follow these steps:
1. Navigate to the location where you downloaded the installer.
2. Execute the following command to initiate the installer:
   Linux: sh ca-proxy-12.6-rhas64.bin
3. Review the installation requirements and press Enter to continue.
4. Follow the screen prompt to read the license agreement.
5. Type Y when prompted to accept the license agreement and press Enter.
6. Click Choose to choose a folder for CA Access Gateway registry and click Next.
7. Type 2 and press Enter.
   A list of instances that are installed on the computer is displayed.
8. Select the instance and click Next.
   CA Access Gateway verifies if the selected instance can be reinstalled or upgraded, and displays a message accordingly.
9. If the selected instance can be reinstalled, press Enter.
Uninstall CA Access Gateway
Uninstall on Windows
Follow these steps:
1. Open the command prompt and navigate to the root installation directory.
2. Execute the following command for each instance you want to uninstall:
   ca-sps-uninstall.cmd
Uninstall on UNIX
Follow these steps:
1. Open a console window and navigate to the root installation directory.
2. Execute the following command to source the CA Access Gateway environment:
   source ca_sps_env.sh
3. Run the following program:
   ./ca-sps-uninstall.sh
   Note: If you have modified any files such as server.conf, the uninstall program does not remove these files or their parent folders automatically. You must delete the files and folders manually.