Complete Pre-Installation Tasks

Before you install CA Risk Authentication and its components, ensure that your computer meets all the system requirements. For information about hardware and software requirements, see the Platform Support Matrix.
aa9
Before you install CA Risk Authentication and its components, ensure that your computer meets all the system requirements. For information about hardware and software requirements, see the .
This section has the following sections regarding this installation:
 
 
3
 
 
Configure Database Server
Before installation setup a database for storing user information, server configuration data, audit log data, and other information.
CA Risk Authentication supports a primary database and a backup database that can be used during failover in high-availability deployments. Each supported database has specific configuration requirements. During installation, the database is configured when the installer automatically edits the arcotcommon.ini file with the database information you supply.
See the following configuration requirements for each supported database (Microsoft SQL Server or Oracle):
Configure Microsoft SQL Server
This section provides the following configuration procedure for SQL Server:
 
Note:
 See the SQL Server documentation for detailed information about performing the tasks listed in this section.
Follow these steps:
  1. Verify that SQL Server is configured to use the SQL Server and Windows Authentication mode for Server authentication. Right-click the server in the Object Explorer window and select the Security page.
    For Microsoft SQL Server, create a database with the collation: SQL_Latin1_General_CP1_CI_AS
    CA Risk Authentication cannot connect to the database when SQL Server is configured to Windows Authentication Mode.
  2. Create a database by the following criteria:
    • The recommended name is arcotdb.
    • The database size must be configured to grow automatically.
  3. Create a DB user (CH4_SQL) by performing the following steps:
    1. In the SQL Server Management Studio, go to <SQL_Server_Name>; expand the Security folder, and then click Login.
      Note:
       The <SQL_Server_Name> refers to the host name or IP address of the SQL Server where you created your database.
    2. Right-click the Login folder, and click New Login.
    3. Enter the Login name (recommended name is arcotuser).
    4. Set the parameter to Authentication to SQL Server Authentication.
    5. Specify Password and Confirm password for the login.
    6. Ensure that you specify other password settings on this page according to the password policies in your organization.
    7. Make the database (arcotdb) you created as the default database.
    8. Perform the mapping of the users to this login section.
    9. Map the user (SQL 2005) for the default database, to db_owner (in the Database role membership for: <db_name> section).
Configure Oracle Server
This section provides the configuration information for creating Oracle database server.
Prerequisites
  1. Run CA Risk Authentication on Oracle with two table-spaces. The reasons to have two table-spaces are as follows:
    • Use the first tablespace for configuration data, audit logs, and user information. This tablespace can be the default user tablespace in the CA Risk Authentication database.
    • Run the reports on the second tablespace. We recommend that you use a separate tablespace to run the reports.
  2. Use CA Risk Authentication Database Configuration Script. The script automatically creates the tablespace for reports, if the database user has sufficient permissions to create a tablespace. When the user does not have the required permissions, the db administrator must manually create this tablespace and delete the section for creating reports in the script.
    db-config-for-common.sql
    The parameters for creating the reports tablespace in the db-config-for-common.sql database script can be changed according to the preferences of the db administrator. However, the tablespace name must be ARReports to generate reports successfully.
To create an Oracle server, perform the following steps:
CA Advanced Authentication supports AL32UTF8 as the default character set in the database. The database setup allows CA Advanced Authentication to use international characters including double-byte languages.
  1. Create a database that stores information in the UTF-8 character set. This approach allows CA Risk Authentication to use international characters including double-byte languages. See the following steps to enable UTF-8 support for Oracle database:
    1. Log in to the Oracle database server as SYS or SYSTEM.
    2. Ensure the character set is UTF-8.
  2. Create a database user:
    1. Create a user (recommended name is arcotuser), with a schema in the new database arcotdb.
    2. Set the quota of user to at least 5 GB to 10 GB for a development or test deployment.
      Note:
       If the deployment is for the production environment, staging, or other intensive testing, see Database Reference to determine the quota that is required for a user.
    3. Grant the DBA role to the user.
 
Note:
 For JBoss Application Server, follow the steps while configuring a backup database:
  1. Edit module.xml in <JBOSS_HOME>\modules\system\layers\base\sun\jdk\main with the following statements
    • <path name="com/sun/rowset"/>
    • <path name="com/sun/rowset/internal"/>
    • <path name="com/sun/rowset/providers"/>
  2. Restart the application server.
To protect the database server, use a firewall or any other access control mechanism and set to the same time-zone as all dependent products.
Set up the Data Store and Database Information
Before you proceed with the CA Risk Authentication installation, set up the data store, the Database Client, and gather the required database information. Ensure that the correct JDK version and application server are installed.
Configure UTF-8 Support on Client Systems
Enable the UTF-8 support on the systems where you plan to install CA Risk Authentication components that communicate with the database server. See the hardware vendor documentation for more information.
HSM Requirements
aa9
You can store sensitive keys either in the database or in a Hardware Security Module (HSM). You can store the various encryption keys and the CA Strong Authentication Server listener SSL key in the HSM. The following lists the supported HSM modules and the requirements for both.
Supported HSM Modules
  • Thales nCipher netHSM (or nCipher netHSM)
  • SafeNet High Availability HSM (or Luna HSM)
Requirements for HSM
  • Java Cryptography Extension (JCE) framework that is provided with the 32-bit versions of JDK 6.0 and JDK 7.0
  • pkcs11v2.01 (PKCS #11)
Decide whether to use an HSM while you are still in the planning and preparation stages. If you decide to use HSM after installation, you then reinitialize the database to undo software key encryption.
If you are planning to use HSM to store encryption keys, then set up the following components before you proceed:
  1. HSM Server
  2. HSM Client
  3. At least one 3DES key in HSM
Write down the labels of these 3DES keys which are used while encrypting information in the database.
See your HSM vendor documentation for information about HSM installation and configuration, and 3DES key generation.
Requirements for Java-Dependent Components
Install the following components that are required by Administration Console, CA Risk Authentication Java SDKs, and web services. See for specific supported versions. 
  • Java JDK
    If you perform a fresh installation of JDK, then set the JAVA_HOME environment variable. The PATH variable must point to %JAVA_HOME%\
    bin
    \ for windows and $JAVA_HOME/bin for Linux. If you fail to do so, Administration Console and other JDK-dependent components fail to start.
  • Application Server (Tomcat, WebSphere, JBoss, WebLogic)
Next Step:
 
Deploy CA Risk Authentication on a single system or on a distributed system: