Prepare the Server

This article describes the steps to prepare a server for Enterprise Management Server installation.
cminder12901
This article describes the steps to prepare a server for Enterprise Management Server installation.
Windows
Prepare a Windows server before installing the Enterprise Management Server.
Follow these steps:
  1. Install third-party components: Java Development Kit (JDK) and JBoss
    1. Download third-party ISO image file from http://support.ca.com
      DVD - CA Privilege Identity Manager 12.9 SP1 3rd Party Components for Windows 
    2. Mount the ISO image file. The kit contains the prerequisite installation utility (
      PrereqInstaller
      ) and the supported version of JBoss and JDK.
    3. Install third-party components using 
      one
       of the following methods:
      • Method 1 - Install the third-party software (JDK and JBoss), individually.
      • Method 2 - Install the third-party software using the prerequisite installation utility. The utility installs JDK, JBoss, and launches the Enterprise Management Server.
        Follow these steps:
          1. Navigate to the 
            PrereqInstaller
             directory on the mounted drive and run 
            install_PRK.exe
            .
          2. Complete the 
            InstallAnyWhere
             wizard as required.
            To configure more JBoss port numbers, select 
            Advanced Configuration
             in the 
            JBoss Installation
             page. If you specify a JBoss port that is busy, the installer prompts to specify a different port number.
          3. Review the summary report and click 
            Install
            . The third-party software installation starts and can take some time.
          4. The installer prompts to launch the Enterprise Management Server, after installing the third-party components. Perform 
            one of the following actions
            :
            • Specify the folder containing the Enterprise Management Server installer. Specify a custom FIPS key to install secondary Enterprise Management Server for load balancing, high availability, or disaster recovery. Next, click 
              Done 
              and then 
              Finish
              .
            • If you do not want to install the Enterprise Management Server now, click 
              Done
               and then 
              Finish
        • See Deploy the Enterprise Management Server for steps to install the Enterprise Management Server on the Windows server.
        • To ensure that JDK is always compatible, turn off automatic java updates. When the automatic Java updates are not turned off, Java can automatically update itself causing the Enterprise Management Server to fail.
          To turn off the automatically run Java-Updater, remove the following registry key:
          HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\SunJavaUpdateSched
  2. Replace the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files to support high-strength Cipher suites.
    You can replace
    JCE before or after installing the Enterprise Management Server. If you replace JCE after installing the Enterprise Management Server, then restart the server.
    1. Copy the 
      UnlimitedJCE
       directory from the drive where you have mounted the third-party ISO image file to a temporary location on the server. The directory contains the script 
      Unlimited_JCE_Jar_Replace
       and the Jar files.
    2. Run the script 
      Unlimited_JCE_Jar_Replace
      .
      bat
       and enter the following information:
      • JDK Path
        Default:
         c:\Program Files\Java\jdk1.8.0
      • Path to backup existing Policy files
        Example:
         c:\backup
      • Path of the temporary location where you have copied the
        UnlimitedJCE
        directory 
You have prepared the Windows server for the Enterprise Management Server installation.
Linux
Prepare a Linux server before installing the Enterprise Management Server.
Follow these steps:
  1. Log in to the server as a root user.
  2. Verify that the server hostname is short name.Example: Use
    mymachine
    instead of
    mymachine.domain.com
     
  3. Verify that the following packages are installed on the server: 
    Packages
    audit-libs i686 
    dejavu-sans-mono-fonts noarch
    libstdc++ x86_64
    audit-libs x86_64 
    dos2unix x86_64
    libstdc++-devel x86_64
    audit-libs-devel x86_64 
    elfutils x86_64
    libXext i686
    audit-libs-python x86_64 
    elfutils-libs x86_64
    libXext x86_64
    bc x86_64 
    fprintd-pam x86_64
    libXext-devel x86_64
    boost-devel x86_64
    freerdp x86_64
    libXp i686
    cairo x86_64
    freerdp-libs x86_64
    libXp x86_64
    compat-db x86_64
    glib2-devel x86_64
    libXpm x86_64
    compat-db42 x86_64
    glibc i686
    libXt i686
    compat-db43 x86_64
    glibc x86_64
    libXt x86_64
    compat-expat1 x86_64
    glibc-common x86_64
    libXt-devel x86_64
    compat-glibc x86_64
    glibc-devel x86_64
    libXtst x86_64
    compat-glibc-headers x86_64
    glibc-headers x86_64
    libXtst-devel x86_64
    compat-libcap1 x86_64
    gnome-keyring-pam x86_64
    mksh x86_64
    compat-libf2c x86_64
    ksh x86_64
    ncurses x86_64
    compat-libgfortran x86_64
    libgcc i686
    ncurses-base x86_64
    compat-libstdc++ i686
    libgcc x86_64
    ncurses-devel i686
    compat-libstdc++ x86_64
    libICE i686
    ncurses-devel x86_64
    compat-libtermcap x86_64
    libICE x86_64
    ncurses-libs i686
    compat-openldap x86_64
    libICE-devel x86_64
    ncurses-libs x86_64
    compat-openmpi x86_64
    libpng x86_64
    pam i686
    compat-openmpi-psm x86_64
    libselinux i686
    pam x86_64
    compat-opensm-libs x86_64
    libselinux x86_64
    pam_krb5 x86_64
    compat-readline5 x86_64
    libSM i686
    pam_passwdqc x86_64
    cracklib x86_64
    libSM x86_64
    pam-devel x86_64
    db4 i686
    libSM-devel x86_64
    pango x86_64
    db4 x86_64
    libssh2 x86_64
    rpm-build x86_64
    dejavu-fonts-common noarch
    libstdc++- i686
     
  4. Install third-party components: Java Development Kit (JDK) and JBoss 
    1. Download the third-party components ISO image file from http://support.ca.com.
      DVD - CA Privilege Identity Manager 12.9 SP1 3rd Party Components for Linux 
    2. Mount the ISO image file.
    3. Install a supported version of JDK from the mounted location.
      1. Install JDK using the rpm file.
        rpm -ivh jdk-8u51-linux-x64.rpm
      2. Append the JDK/bin path to the system PATH. 
        For example, to set the path "/usr/java/jdk1.8.0_51/" using the bash shell, enter the following command:
        export PATH=/usr/java/jdk1.8.0_51/bin:$PATH
        To set the path permanently, add this command to the shell start-up file.
    4. Install a supported JBoss version from the mounted location.
      1. Copy JBoss to /opt and then unzip in /opt.
        cp jboss-4.2.3.GA.zip /opt
        cd /opt
        unzip jboss-4.2.3.GA.zip (assumes that unzip is in the path)
        rm jboss-4.2.3.GA.zip
      2. Change the port number from 8080 to 18080, and change the redirect port from 8443 to 18443 in 
        server.xml
        .
        JBOSS_DIR=/opt/jboss-4.2.3.GA
        sed -i s/"8080"/"18080"/ $JBOSS_DIR/server/default/deploy/jboss-web.deployer/server.xml
        sed -i s/"8443"/"18443"/ $JBOSS_DIR/server/default/deploy/jboss-web.deployer/server.xml
        sed -i s/"1099"/"11099"/ $JBOSS_DIR/server/default/conf/jboss-service.xml
  5. Replace 
    Java Cryptography Extension (JCE)
     Unlimited Strength Jurisdiction Policy Files to support high-strength Cipher suites.
    1. Copy the 
      UnlimitedJCE
       directory from the drive where you have mounted the third-party ISO image file to a temporary location on the server. The directory contains the script 
      Unlimited_JCE_Jar_Replace
       and the Jar files.
      cp -pR UnlimitedJCE /tmp
    2. Run the script 
      Unlimited_JCE_Jar_Replace.sh
       and enter the following information:
      • JRE PATH
        Default:
         /usr/java/jdk1.8.0_51/jre
      • PATH to backup existing JRE Policy files
        Example:
         /usr/tmp/backup
      • Path of the temporary location where you have copied the UnlimitedJCE directory
        Example:
         /usr/tmp/newjars
  6. Change the maximum number of open files to avoid failures during the installation:
    ulimit –n 10000
  7. Verify that the rpm-build package from the Linux distribution is installed. The Enterprise Management Server requires this package to install Advanced Policy Management on the server.
    rpm -qa rpm-build