IDENTIKEY Server Windows Installation Guide 3.2


Disclaimer of Warranties and Limitations of Liabilities

The Product is provided on an 'as is' basis, without any other warranties, or conditions, express or implied, including but not limited to warranties of merchantable quality, merchantability of fitness for a particular purpose, or those arising by law, statute, usage of trade or course of dealing. The entire risk as to the results and performance of the product is assumed by you. Neither we nor our dealers or suppliers shall have any liability to you or any other person or entity for any indirect, incidental, special or consequential damages whatsoever, including but not limited to loss of revenue or profit, lost or damaged data of other commercial or economic loss, even if we have been advised of the possibility of such damages or they are foreseeable; or for claims by a third party. Our maximum aggregate liability to you, and that of our dealers and suppliers shall not exceed the amount paid by you for the Product. The limitations in this section shall apply whether or not the alleged breach or default is a breach of a fundamental condition or term, or a fundamental breach. Some states/countries do not allow the exclusion or limitation or liability for consequential or incidental damages so the above limitation may not apply to you.

Copyright

Copyright 2010 VASCO Data Security, Inc., VASCO Data Security International GmbH. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior written permission of VASCO Data Security Inc.

Trademarks

VASCO, Vacman, IDENTIKEY, axsguard, DIGIPASS, and are registered or unregistered trademarks of VASCO Data Security, Inc. and/or VASCO Data Security International GmbH in the U.S. and other countries.

Document Version: 2.1

Table of Contents

Introduction Software Components System Requirements Available Guides Pre-installation Tasks Set Up Data Store for IDENTIKEY Server ODBC Database Active Directory Serial Number and Maintenance ID Microsoft SQL Server using Windows Native Authentication Start IDENTIKEY Server Installation IDENTIKEY Server Component Tomcat Upgrade Install IDENTIKEY Server in Basic Mode ODBC Basic Installation Mode Basic Installation Install IDENTIKEY Server in Advanced mode - ODBC Advanced Installation Set Up a Hardware Security Module Install IDENTIKEY Server - Active Directory Active Directory Scenario and Decisions Install IDENTIKEY Server for Active Directory Answers File Generating the Answers File Updating the Answers File Using the Answers File Sample Answers File Deploy IDENTIKEY Server Administration Web Interface Manually Deploy Administration Web Interface on the same machine as IDENTIKEY Server Deploy Administration Web Interface on a Dedicated Machine 9.3 Web Administration Setup Tool Post-Installation Tasks Licensing Backup Strategy Audit Settings Database Tasks Set Up User Self Management and OTP Request Websites Increase Tomcat Memory Allocation (64-bit Only) Install Additional IDENTIKEY Server Install IDENTIKEY Server Component Configure Additional IDENTIKEY Servers Replication Add Components to Installation Upgrade IDENTIKEY Server Upgrade Paths System Requirements Upgrade IDENTIKEY Server for 32-bit and 64-bit Windows Extend Data Store Schema DPDBAdmin AddSchema Command DPADAdmin AddSchema Command SSL Server Certificate Encryption Algorithms Client Applications Validating Server Certificate SHA-256 Not Supported Operating Systems without SHA-256 Support Operating Systems and Supplicants with SHA-256 Support Repair Installation Uninstall IDENTIKEY Server Data Removal Ports Technical Support


1 Introduction

This Installation Guide is designed to provide you with the information you will need in order to install IDENTIKEY Server. It will guide you through preparation, installation and post-installation tasks which may be required for your system.

1.1 Software Components

IDENTIKEY Server consists of various components, some necessary and some optional.

Required Components

IDENTIKEY Server
The IDENTIKEY Server is a server component that performs authentication, signature validation, administration and provisioning tasks. It runs as a Windows service.

Data Store
The following data stores are supported:
- ODBC: either the embedded PostgreSQL database supplied with IDENTIKEY Server, or your own
- Active Directory

Web Administration Interface
Allows all IDENTIKEY Server data store administration tasks to be carried out over a web interface.

Optional Components

Embedded Database
An embedded PostgreSQL database is available for use with IDENTIKEY Server.

Embedded Web Application Server
Apache Tomcat may be installed as the embedded web application server for the Web Administration Interface.

Virtual DIGIPASS Message Delivery Component
This is a Service that is responsible for delivering One Time Passwords through a text message HTTP gateway to a User's mobile phone.

DIGIPASS TCL Command-Line Administration
Administration may also be carried out using DIGIPASS TCL Command-Line Administration Utility, which allows interactive command-line and scripted administration of IDENTIKEY Server data.

Audit Viewer
The Audit Viewer is a GUI application that can display and filter audit messages from the IDENTIKEY Server. It can read the data from text files and ODBC databases or receive a live feed from the IDENTIKEY Server.

OTP Request Site
This is a miniature web site that allows a User to request a Virtual DIGIPASS OTP to be sent to their mobile phone.

User Self Management Web Site
This is a miniature web site that allows Users to make appropriate changes to their own DIGIPASS settings, such as PIN changes. This is used in a RADIUS environment, when the normal authentication requests are made using a CHAP-based protocol and therefore PIN changes and other 'self-management' features are not possible.

DIGIPASS Authentication for Windows Logon
DIGIPASS Authentication for Windows Logon is a separate module which integrates VASCO's two-factor authentication into Windows logins. It requires extra licensing to be supported in IDENTIKEY Server. For more information on this module, see the DIGIPASS Authentication for Windows Logon Product Guide.

IDENTIKEY Server SDK
The Software Development Kit allows creation of custom SOAP clients and authentication engines, using the SOAP interface. This is an upgrade add-on to IDENTIKEY Server and will only be available for installation if it has been purchased. It requires a separate installation program.

Data Migration Tool
The VASCO Data Migration Tool is a general-purpose utility that allows you to migrate your data from one VASCO product to another. It requires a separate installation.

Password Synchronization Manager
Password Synchronization Manager (PSM) is a product that is installed on the domain controller which allows a change of the Windows Password to be automatically updated on IDENTIKEY Server. The new Windows password will be reflected as the static password on IDENTIKEY Server.

LDAP Synchronization
User information on IDENTIKEY Server can be synchronized with external LDAP databases by using the LDAP Synchronization Tool. See the LDAP Synchronization Tool Guide for more details.

1.2 System Requirements

Server Component

IDENTIKEY Server requires:
- Windows Server 2008 (32-bit or 64-bit) with Service Pack 2 or above
- Windows Server 2008 R2 (64-bit only)
- Windows Vista (32-bit) with Service Pack 2 or above
- Windows XP (32-bit) with Service Pack 3 or above
- Windows Server 2003 (32-bit or 64-bit) with Service Pack 2 or above
- Windows Server 2003 R2 (32-bit or 64-bit) with Service Pack 2 or above
- Windows Small Business Server 2003 with Service Pack 1 or above
- Windows Small Business Server 2008 (64-bit only) with Service Pack 2 or above

Web Administration Interface

The Web Administration Interface can be run on any Java web application server running:
- Java Runtime Environment version 6.0 or above
- Java Server Pages version 2.0 or above
- Java Servlets version 2.4 or above

It has been tested primarily on Apache Tomcat 6.0.

It is compatible with most common browsers. It has been tested on:
- Internet Explorer 7.0
- Internet Explorer 8.0
- Mozilla Firefox 3.5 and higher

The Administration Web Interface can be run on the following operating systems:
- Windows Server 2008 (32-bit or 64-bit) with Service Pack 2 or above
- Windows Server 2008 R2 (64-bit only)
- Windows Vista (32-bit) with Service Pack 2 or above
- Windows XP (32-bit) with Service Pack 2 or above
- Windows 2003 (32-bit or 64-bit) with Service Pack 2 or above
- Windows 2003 R2 (32-bit or 64-bit) with Service Pack 2 or above

Other Components

The Message Delivery Component, Audit Viewer and DIGIPASS TCL Command-Line Administration require:
- Windows Server 2003 (32-bit or 64-bit) with Service Pack 2 or above
- Windows Server 2003 R2 (32-bit or 64-bit) with Service Pack 2 or above
- Windows XP Professional (32-bit) with Service Pack 3 or above
- Windows Vista (32-bit) with Service Pack 1 or above
- Windows Server 2008 (32-bit or 64-bit) GUI version with Service Pack 2 or above
- Windows Small Business Server 2003 with Service Pack 1 or above
- Windows Small Business Server 2008 (64-bit only) with Service Pack 2 or above

The Request OTP and User Self Management Websites require any web server capable of running CGI.

Requirements Specific to Active Directory

DIGIPASS Extension for Active Directory Users and Computers
- Active Directory Users and Computers Snap-In

Active Directory set up for SSL
In the following cases, SSL must be available for IDENTIKEY Server components to connect to Active Directory:
- IDENTIKEY Server not installed on a Domain Controller.
- Administration Interfaces not installed on a Domain Controller.
- IDENTIKEY Server and/or Administration Interface(s) on a Domain Controller, but accessing data in another domain.

An Enterprise Certificate Authority must be installed in the forest to enable SSL. Windows Certificate Services is available as an optional Windows component. However, if you do not wish to install a CA, you can select during installation not to use SSL.

Prerequisites
1. If Active Directory is installed on a Windows 2003 machine and it is being managed using a Windows XP machine, you will have to download the Admin Pack from the Microsoft website and install it on the XP machine.
2. If Active Directory is installed on a Windows 2008 machine, and it is being managed using a Windows Vista machine, Vista SP1 must be downloaded from the Microsoft website and installed on the Vista machine. Then the Remote Server Administration Tools package must be downloaded from the Microsoft website and installed and enabled on the Vista machine.

Requirements Specific to ODBC Database

IDENTIKEY Server will support most modern ODBC-compliant relational, transactional databases. It has been tested on the following databases:
- Oracle 11g
- Microsoft SQL Server
  - 2005 Full Enterprise Edition and Express
  - 2008 Full Enterprise Edition and Express
- DB2
  - 8.1 (Windows Only)
  - 9.1
- PostgreSQL 8.3

Note
When setting up a DB2 database, the page size should be set to at least 8192k. A smaller page size will create an error when IDENTIKEY Server attempts to connect to the database.

Hardware Security Module

The following Hardware Security Modules are supported by IDENTIKEY Server:
- Safenet ProtectServer Gold
- Safenet ProtectServer Internal-Express
- Safenet ProtectServer Orange

If a Hardware Security Module is to be used, the following SafeNet software is required on the machine on which IDENTIKEY Server will be installed:
- Network or PCI Access Provider v4.00
- ProtectToolKit C Runtime Library v

Language

IDENTIKEY Server is designed to function on any language version of the supported operating systems. However, the product has only been comprehensively tested on English language versions.

1.3 Available Guides

The following IDENTIKEY Server guides are available:

Product Guide
The Product Guide will introduce you to the features and concepts of IDENTIKEY Server and the various options you have for using it.

Getting Started Guide
The Getting Started Guide will lead you through a standard setup and testing of key IDENTIKEY Server features.

Windows Installation Guide
Use this guide when planning and working through an installation of IDENTIKEY Server in a Windows environment.

Linux Installation Guide
Use this guide when planning and working through an installation of IDENTIKEY Server in a Linux environment.

Administrator Reference
In-depth information required for administration of IDENTIKEY Server. This includes references such as data attribute lists, backup and recovery and utility commands.

Performance and Deployment Guide
Contains information on common deployment models and performance statistics.

Help Files
Context-sensitive help accompanies the Administration Web Interface and DIGIPASS Extension for Active Directory Users and Computers.

IDENTIKEY Server SDK Programmers Guide
In-depth information required to develop using the SDK.

2 Pre-installation Tasks

This section outlines the preparation that you need to do before installing IDENTIKEY Server.

Please note that to perform pre-installation and installation tasks you must be logged in as Administrator on the system where IDENTIKEY Server is to be installed. The administrator User ID must be a built-in Administrator, not a normal User ID with administrator privileges.

2.1 IDENTIKEY Server Component

The following tasks must be completed before installing the IDENTIKEY Server on a machine.

Data Store Type

Before starting other pre-install tasks, you must decide on the type of data store to be used.

Microsoft Active Directory
Integrate DIGIPASS-related data with Active Directory and Windows user accounts using the Active Directory Users and Computers Snap-In.

Embedded Database
A PostgreSQL database may be installed with IDENTIKEY Server.

Note
If you will be installing IDENTIKEY Server with the embedded PostgreSQL database, you will need to run the installation on the machine itself, rather than via Remote Desktop or another remote connection.

Other ODBC Database
Include DIGIPASS-related data in a new or existing ODBC database. The database may be located on any machine to which the IDENTIKEY Server can connect.

Master Domain

IDENTIKEY Server has the concept of a Master Domain. This domain has special significance in two ways:
- It is used as the default domain, when no domain is specified.
- Only Administrators in the Master Domain may be assigned the privilege to view data from all domains. Administrators in other domains will only ever be able to view data in their own domain.

The default name for the Master Domain is master. If you prefer to use another name, you will need to enter this name during the Configuration Wizard.

User ID and Domain Name Conversion

The IDENTIKEY Server may be configured to handle User IDs and domain names in a number of ways. It is important that these are set up before data is added to the database. Before installing, decide which settings to use.

Case-sensitivity
The IDENTIKEY Server may be configured to save and retrieve User IDs and domain names in lower case, upper case or with no conversion (data is saved or searched on exactly as entered). The configuration required will depend on your company's requirements and the capabilities of the database used as the data store. See the Encoding and Case-Sensitivity topic in the Administrator Reference for more information.

The case conversion of User IDs and domain names is set using the Configuration Wizard immediately after installation, or by running the IDENTIKEY Server Configuration utility at any time afterwards.

Caution
Changing case conversion after the initial configuration may require modification of all User IDs and domain names in the data store.

Windows name resolution
Enable Windows Name Resolution to allow the IDENTIKEY Server to use Windows functionality to resolve a UserID as entered during a login into a User ID and Domain. This feature is recommended if all User accounts correspond to Windows (Active Directory) User accounts. If they do not correspond, the feature will not be suitable. Windows Name Resolution works well with Dynamic User Registration. See the Product Guide for more information.

System Clock

The IDENTIKEY Server requires that:
- Your server's time is set correctly in relation to GMT, and
- The time zone and daylight savings indicators are set correctly.

All machines hosting the IDENTIKEY Server component must be very closely clock-synchronized.

Domain Name Services

If DIGIPASS Authentication for Windows Logon will be in use with the IDENTIKEY Server, you may need a reverse zone implemented, with a PTR record existing for each client Windows machine. This is required for Dynamic Component Registration.

Embedded PostgreSQL Database

Local Users Group Permissions
If the local Users group has restricted permissions on the Program Files directory, the installation of the PostgreSQL database may fail. To avoid this problem, two options are available:
- Set the required permissions for the local Users group
- Create the PostgreSQL service account before installation and set the required permissions for it (it is usually created automatically during installation)

The PostgreSQL service account requires a User ID of dppostgres and password of p!ss&0rd.

The permissions required for the Program Files directory are:
- Read & Execute
- List Folder Contents
- Read

User Self Management Website

If the Self Management website is to be installed on Windows 2008, please note the following:
1. When adding the IIS role, the 'IIS Backwards Compatibility with IIS6' feature must be installed and enabled.
2. The 'CGI' feature must be selected when installing IIS on Windows 2008 to enable the User Admin web sites to function correctly.
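
Several of the pre-installation conditions above can be checked from a script before the installer is started. The PowerShell below is an added example, not part of the VASCO guide: the function names are hypothetical and the client addresses are constructed sample values. It checks the built-in Administrator logon, the local Users group permissions on Program Files, and the PTR records, and prints the clock settings for comparison against a trusted time source.

```powershell
# Added example: pre-installation checks for an IDENTIKEY Server host.
# Function names and the sample addresses are hypothetical, not from the guide.
param(
    # Constructed sample values: IP addresses of the client machines that will
    # run DIGIPASS Authentication for Windows Logon.
    [string[]]$ClientAddresses = @('192.0.2.10', '192.0.2.11')
)

function Test-BuiltInAdministrator {
    # The built-in Administrator account has a SID whose last part (RID) is 500;
    # a normal User ID with administrator privileges does not.
    $sid = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
    return ($sid -match '-500$')
}

function Test-UsersGroupAccess {
    param([string]$Path = $env:ProgramFiles)
    # S-1-5-32-545 is the well-known SID of the local Users group.
    # The ReadAndExecute mask covers "Read & Execute", "List Folder Contents"
    # (the same mask applied to folders) and "Read" (a subset of it).
    # Only entries granted to the Users group itself are evaluated.
    $needed      = [int][System.Security.AccessControl.FileSystemRights]::ReadAndExecute
    $inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly
    $sidType     = [System.Security.Principal.SecurityIdentifier]
    $allow = 0
    $deny  = 0
    foreach ($rule in (Get-Acl -Path $Path).GetAccessRules($true, $true, $sidType)) {
        if ($rule.IdentityReference.Value -ne 'S-1-5-32-545') { continue }
        # Inherit-only entries apply to child objects, not to the folder itself.
        if ($rule.PropagationFlags -band $inheritOnly) { continue }
        if ($rule.AccessControlType -eq 'Allow') {
            $allow = $allow -bor [int]$rule.FileSystemRights
        } else {
            $deny = $deny -bor [int]$rule.FileSystemRights
        }
    }
    return ((($allow -band $needed) -eq $needed) -and (($deny -band $needed) -eq 0))
}

function Test-ReverseLookup {
    param([string]$Address)
    # A reverse lookup succeeds only if a PTR record exists for the address.
    try {
        $ip    = [System.Net.IPAddress]::Parse($Address)
        $entry = [System.Net.Dns]::GetHostEntry($ip)
        return [bool]($entry.HostName -and ($entry.HostName -ne $Address))
    } catch {
        return $false
    }
}

function Get-ClockSummary {
    # Reported for manual comparison with a trusted time source and with the
    # other machines hosting the IDENTIKEY Server component.
    $tz  = [System.TimeZoneInfo]::Local
    $now = Get-Date
    New-Object PSObject -Property @{
        UtcTime        = $now.ToUniversalTime().ToString('u')
        TimeZone       = $tz.Id
        DaylightSaving = $tz.IsDaylightSavingTime($now)
    }
}

$results = @()
$results += New-Object PSObject -Property @{
    Check  = 'Logged in as built-in Administrator'
    Passed = (Test-BuiltInAdministrator)
}
$results += New-Object PSObject -Property @{
    Check  = "Users group can read and execute in $env:ProgramFiles"
    Passed = (Test-UsersGroupAccess)
}
foreach ($address in $ClientAddresses) {
    $results += New-Object PSObject -Property @{
        Check  = "PTR record exists for $address"
        Passed = (Test-ReverseLookup -Address $address)
    }
}

$results | Format-Table Check, Passed -AutoSize
Get-ClockSummary | Format-List
```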

3 Set Up Data Store for IDENTIKEY Server

IDENTIKEY Server may use either Microsoft's Active Directory or an ODBC-compliant database as its data store. The data store is selected during installation.

Active Directory
If IDENTIKEY Server will use Active Directory as its data store, the steps in 3.2 Active Directory must be followed before installing IDENTIKEY Server.

ODBC Database
If IDENTIKEY Server will use the embedded PostgreSQL database as its data store, no specific database setup is required before installing IDENTIKEY Server. If IDENTIKEY Server will use another ODBC database as its data store, then follow the steps in 3.1 ODBC Database before installing IDENTIKEY Server.

3.1 ODBC Database

The following steps must only be followed if IDENTIKEY Server will be using an ODBC database other than the embedded PostgreSQL database as its data store. If IDENTIKEY Server will be using the embedded database, setup is automatic during installation and configuration.

Checklist

Decisions
The following checklist contains the key decisions to make before you start:

Database Location and Setup
A number of decisions may be required for the ODBC database to be used:
- The server on which the database will be located.
- Will the data for the IDENTIKEY Server be stored in a new database, or added to an existing database?
- Will a new schema be used?

New Database
Decide the collation sequence to be used - for example, case-sensitivity.

Database User Accounts
Create or select database user accounts for:
- Modifying the database schema (database administrator account required).
- IDENTIKEY Server (see the Administrator Reference for details on the permissions required).

If using Microsoft SQL Server, extra steps must be undertaken if using Windows Native Authentication. See 3.4 Microsoft SQL Server using Windows Native Authentication for details.

Modify Database Structure

DPDBADMIN Utility
If the embedded ODBC database is not being used, the addschema command must be run to set up the required schema in the database to be used for IDENTIKEY Server. The addschema command can be run manually before starting the installation, or you can rely on the Configuration Wizard to run the command. How the addschema command is run will depend on the security settings on your datastore, and your company's data security processes.

To run the addschema command manually:
1. Copy dpdbadmin.exe from the CD-IMAGE\Software\Windows\X86 or amd64\utilities\dpdbadmin directory on the installation CD or zip file onto the computer from which the database can be accessed.
2. Create an ODBC Data Source for the database on the computer, if one does not currently exist.
3. Open a command prompt in the location to which it was copied.
4. Enter:

    dpdbadmin addschema -u user_id -p password -d dsn

   Ensure that the User ID and password used are that of the database administrator account.
5. Wait several minutes for the Schema extensions to replicate throughout the system. Use the checkschema command to check if the schema updates have been completed. Do not continue with the installation until a clean checkschema result is obtained.

    dpdbadmin checkschema -u user_id -p password -d dsn

For further details on DPDBADMIN, see 14 Extend Data Store Schema.

Permissions
If the database user account used by the IDENTIKEY Server is not the owner of the tables and is not a database administrator account, it must be granted permissions for the tables, or ownership of the tables transferred.

Note
Ensure that it is possible for the account(s) mentioned to reference the tables by name without a schema prefix. If this cannot be done, see the Administrator Reference for advanced setup instructions.

3.2 Active Directory

Checklist

Decisions
The following checklist contains the key decisions to make before you start:

Approve the Schema Extensions
If your company has an approval process to go through for extensions to the Active Directory Schema, then go through this process.

Enterprise Root Certificate Server
If a new Certificate Server is required, and your company requires an approval process to be followed to install one, go through this process.

Identify the DIGIPASS Configuration Domain
Either identify an existing Domain or sub-domain into which the DIGIPASS Configuration Container should be added, or plan to create a new one.

- Domain Administrator: Select a Domain Administrator account in the DIGIPASS Configuration Domain to use in installing IDENTIKEY Server.
- Installation Location: Decide where to install the IDENTIKEY Server. If you are installing with the purpose of going through a basic evaluation process, installing onto a Domain Controller is recommended. This will mean that SSL will not need to be set up in order for the IDENTIKEY Server to function.

Active Directory Setup
The schema changes using the addschema command can be run manually before starting the installation, or the Configuration Wizard can run the command during configuration. If the schema changes have been made before the Configuration Wizard is run, the Configuration Wizard will detect this and will not run the schema extension a second time.

How you choose to make the schema changes will depend on the security settings on your datastore, and your company's data security processes.

If you allow the Configuration Wizard to make the schema changes, you will have to wait while the schema changes are applied, and wait while replication of the changes occurs across all domains. You will only be able to continue with the Configuration Wizard after the schema changes have been applied and replicated.

To manually run the addschema command to extend the Active Directory schema:
1. Log into the Schema Master as a member of the Schema Administrators group.
2. Copy dpadadmin.exe from the CD-IMAGE\Software\Windows\X86 or amd64\utilities\dpadadmin installation directory on the installation CD onto the Schema Master.
3. Open a command prompt in the location to which it was copied.
4. Type:
   dpadadmin addschema -v
5. If DPADadmin detects that Schema extensions are not currently permitted, it will prompt you whether to enable them or not. Enter y to enable them, or n to cancel.
6. Wait several minutes for the Schema extensions to replicate to all the domains and for the local Domain Controller to update its internal data caches. Use the dpadadmin checkschema command to check if the schema updates have been completed. Do not continue with the installation until a clean checkschema result is obtained.

See the Schema Extensions section of the IDENTIKEY Server Administrator Reference for details of what is changed when the schema is extended.

SSL Setup
The IDENTIKEY Server can use SSL when communicating with Active Directory. For this to work correctly, an Enterprise root Certificate Authority must exist in the forest. It may be installed on any server in the forest, if the server selected is available to the Domain Controller(s) used by the IDENTIKEY Server. Alternatively, an option is provided during installation to not use SSL in communications between the IDENTIKEY Server and Active Directory. If LDAP SSL will be disabled, no Certificate Authority is required.
1. If not already available, install Certificate Services on the selected machine. This is a Windows component; you may need access to the original Windows installation files or CD/DVD.
2. Generate the Enterprise root CA certificate.
3. You may need to wait several minutes to allow the Domain Controllers to enrol for Domain Controller certificates.

Serial Number and Maintenance ID
You must have a product Serial Number and a company Maintenance ID unless you are installing an evaluation version of IDENTIKEY Server. If these have not been issued to you, contact your VASCO supplier.

3.4 Microsoft SQL Server using Windows Native Authentication
If you intend to use Microsoft SQL Server using Windows Native Authentication, the following rules must be observed:
1. The User account of the IDENTIKEY Server service must be changed to a User account which is a member of a domain of which both Microsoft SQL Server and IDENTIKEY Server are members.
2. The appropriate permissions must be added to the Microsoft SQL Server User mentioned above.

4 Start IDENTIKEY Server Installation
The installation program will guide you through installing IDENTIKEY Server and the initial configuration necessary to get it operational. It will launch one or more Windows Installers (MSI) followed by the IDENTIKEY Server Configuration Wizard.

Note
If you are running the installation on Microsoft Windows Vista or Microsoft Windows 2008 core, the windows shown in this guide may look slightly different to those displayed onscreen, but the procedure will be the same.

Image 1: IDENTIKEY Server Installation Welcome Window

1. If autorun is enabled on the installation machine, the installer will start up when the CD is inserted. If it does not start automatically, double-click autorun.exe. The Welcome window will be displayed.
2. Click Install Identikey Server 3.2 to start the installation. The Welcome window will be displayed.

Image 2: IDENTIKEY Server Installation Welcome Window

3. Click Next to continue.

The three subsequent chapters cover the three types of installation scenario. Choose the instructions to follow depending on which type of installation you wish to perform:
- Basic installation, using the embedded PostgreSQL database as data store: see 5 Install IDENTIKEY Server in Basic Mode ODBC
- Advanced installation, using an ODBC-compliant database as data store: see 6 Install IDENTIKEY Server in Advanced mode - ODBC
- Advanced installation, using Active Directory as data store: see 7 Install IDENTIKEY Server - Active Directory

4.1 Tomcat Upgrade
If the IDENTIKEY Server Installer detects the presence of an earlier version of Tomcat than the version it requires (currently Tomcat 6.0), it will upgrade Tomcat to the latest version required. This process will be the same for any type of IDENTIKEY Server Installation.
4. To upgrade Tomcat:
   a. Click on Upgrade Tomcat 6.0. An alert will be displayed, asking if you wish to uninstall the previous version of Tomcat.
   b. Click on Yes. A Windows warning window may be displayed. Click on Yes. The progress of the installation will be displayed. When the Tomcat upgrade is finished, the Identikey Setup window will be displayed.

Image 3: IDENTIKEY Server Setup Window

5 Install IDENTIKEY Server in Basic Mode ODBC
There are two installation modes available: Basic and Advanced. If you do not wish to use default installation and configuration settings, follow the instructions in 6 Install IDENTIKEY Server in Advanced mode - ODBC.

5.1 Basic Installation Mode
Basic Installation will install the following:
- IDENTIKEY Server
- PostgreSQL database
- Administration Web Interface
- Apache Tomcat
- Java JRE
- Message Delivery Component (MDC)
- Audit Viewer

After the IDENTIKEY Server has been installed, the Configuration Wizard will be started up in Basic mode, which means that there will be limited configuration choices, with many settings set to default values.

Note
Only the embedded PostgreSQL database is available in Basic Installation mode.

5.2 Basic Installation
1. The Installation Type window will be displayed.

Image 4: IDENTIKEY Server Installation - Installation Type Window

2. Select Basic Installation.
3. Click Next. The End-User License Agreement screen will be displayed.

Image 5: IDENTIKEY Server Installation - License Agreement Window

4. Read the agreement carefully.
5. To accept the License Agreement, check the box I agree to the terms in the License Agreement and click Next. To print the agreement, click Print. If you do not accept the License Agreement, and click Cancel, the install will terminate. The Select Installation Path window will be displayed.

Image 6: IDENTIKEY Server Installation - Select Installation Path Window

6. If you want to install the IDENTIKEY Server somewhere other than the default location, use the browse button to indicate where.
7. Click Next to continue. The Installation Progress window will be displayed.

Image 7: IDENTIKEY Server Installation - Installation Progress Window

8. Click on Install. The IDENTIKEY Server installation will begin.

Image 8: IDENTIKEY Server Installation - Installation Progress Window

The Installer will install each component in turn, checking each one off on the Installation Progress window as it goes.

Image 9: IDENTIKEY Server Installation - Installation Progress Window - PostgreSQL

When the Installer gets to the Run configuration Wizard step, the IDENTIKEY Server Configuration Wizard will be started automatically. The Installer runs a contracted version of the wizard, which uses default values for some settings.

Image 10: IDENTIKEY Server Configuration Wizard - Start Window

9. Click Next to continue. The IP Address window will be displayed.

Image 11: IDENTIKEY Server Configuration Wizard - IP Address Window

10. Select the IP address for the IDENTIKEY Server.
11. Click Next.
12. The Licence Key window will be displayed.

Image 12: IDENTIKEY Server Configuration Wizard - License Window

13. To load a license file you must first have downloaded it from the VASCO website. If you have not done that, you can do it now by clicking the Request a License Key button. You can also copy the URL to the clipboard if you wish to download the license later, by clicking Copy URL to Clipboard. If you already have a license key file, you can load it by navigating to the file using the ... button. You can continue without loading a license key file, but you must load one before you can start to use IDENTIKEY Server. Click Next to continue. The Server Functionality window will be displayed.

Note
The 'Request a License Key' button will not be available for Windows 2008 Core, as there is no browser available to load the web site. To obtain a license from vasco.com for Windows 2008 Core you will have to download the license on another machine and copy it across to the Windows 2008 Core machine.

Image 13: IDENTIKEY Server Configuration Wizard - Server Functionality Window

The functionality that is permitted by the license loaded on the previous window is selected by default.
14. Click to de-select any functions not required.
15. Click Next to continue. The First Administrator window will be displayed.

Image 14: IDENTIKEY Server Configuration Wizard - First Administrator Window

16. Enter a User ID and Password. Confirm the password and click Next to continue to the SSL Server Certificate Details screen.

Image 15: IDENTIKEY Server Configuration Wizard - Server Certificate Window

17. Enter a Password for the SSL Server Certificate and confirm it. Select the Signature Algorithm from the dropdown list. The certificate generated here is also used for RADIUS, SEAL and SOAP. See 15 SSL Server Certificate Encryption Algorithms for information about the selections for this field. Click Next to continue to the RADIUS Topology page.

Image 16: IDENTIKEY Server Configuration Wizard - RADIUS Topology Window

18. Select the format of RADIUS topology required.
   a. If no RADIUS configuration is required, select it, then click Next to go to the Confirmation window.
   b. If IDENTIKEY Server as a standalone RADIUS server is selected, clicking Next will display the RADIUS Client screen. Enter the Location of the RADIUS server, and the shared secret. Confirm the shared secret.

Image 17: IDENTIKEY Server Configuration Wizard - RADIUS Client Window

   c. If IDENTIKEY Server in front of RADIUS server is selected, clicking Next will display the RADIUS Client screen. Enter the Location of the RADIUS server, and the shared secret. Confirm the shared secret. Click Next, and the RADIUS Server window will be displayed.

Image 18: IDENTIKEY Server Configuration Wizard - RADIUS Server Window

Enter the details required to define the RADIUS server:
- Authentication IP Address: IP address on which the RADIUS Server receives authentication requests.
- Authentication Port: UDP Port on which the RADIUS Server receives authentication requests.
- Accounting IP Address: IP address on which the RADIUS Server receives accounting requests.
- Accounting Port: UDP Port on which the RADIUS Server receives accounting requests.
- Shared Secret: Shared Secret between the and the RADIUS server.
- Confirm Shared Secret

Click Next to continue to the Confirmation window.

Image 19: IDENTIKEY Server Configuration Wizard Confirmation

19. Check the details on the confirmation screen. If any changes are required, navigate back to the page using the Previous button and correct the entry. If no changes are required, click Next to continue to the Summary window.

Image 20: IDENTIKEY Server Configuration Wizard Summary Window

20. A summary of the settings will be displayed.
21. Click Finish to complete the configuration. The Configuration Wizard will apply configuration settings to IDENTIKEY Server. It will also deploy the Administration Web Interface application to the Apache Tomcat web server and configure it to connect to the installed IDENTIKEY Server with a generated self-signed server certificate. The Import DPX files window will be displayed.

Image 21: Import DPX Files Window

22. The Import DPX Files step is optional. To bypass this step, click Next to continue. To import a DPX file:
   a. Enter the location of the DPX file, or click Browse to navigate to the file.
   b. Enter the Transport Key, which will be supplied by VASCO to accompany the DPX file.
   c. Enter the User ID, password and Server IP for the IDENTIKEY Server that is being installed.
   d. Click Import to install the DPX file.
When installation is complete, the Installation Completed window will be displayed.

Image 22: IDENTIKEY Server Installation Complete Window

23. Click Finish when the installation is complete.

6 Install IDENTIKEY Server in Advanced mode - ODBC
Advanced Installation allows you to customize your installation and configuration in detail. If you wish to use only default installation and configuration options, see 5 Install IDENTIKEY Server in Basic Mode ODBC.

6.1 Advanced Installation
The first window to be displayed will be the Install Type window.

Image 23: IDENTIKEY Server Select Installation Type Window

1. Select the Advanced Installation option button.
2. Click Next. The Data Storage window will be displayed.

Image 24: IDENTIKEY Server Installation - Data Storage Window

3. Select the ODBC Database option button.
4. Click Next. The Select Components window will be displayed.

Image 25: IDENTIKEY Server Installation Select Components Window

5. Click the IDENTIKEY Server 3.2 button. The IDENTIKEY Server Setup Wizard start window will be displayed.
6. Click Next to continue. The License Agreement screen will be displayed.

Image 26: IDENTIKEY Server Installation License Agreement Window

7. Read the agreement carefully.
8. To accept the License Agreement, check the box I accept the terms in the License Agreement and click Next. If you do not accept the License Agreement, and click Cancel, the install process will terminate. The next screen to be displayed will be the Custom Setup Window.
9. Select the features that you want to be installed by clicking on the icons on the window. Click the Reset button to reset all your choices.
10. Click Next to continue.

Image 27: IDENTIKEY Server Installation Custom Setup window

The Ready to Install IDENTIKEY Server window will be displayed.
11. Click Install to continue. The Installing IDENTIKEY Server progress window will be displayed.

Image 28: IDENTIKEY Server Installation Ready to Install IDENTIKEY Server window

12. Click the Next button to continue when it becomes available.

Image 29: Installing IDENTIKEY Server progress window

13. Click Finish to complete the installation of IDENTIKEY Server. The IDENTIKEY Server Setup Wizard finish window will be displayed.

Image 30: IDENTIKEY Server Setup Wizard Completed window

14. The Installer will install the component for each button that is selected. Each installation after the IDENTIKEY Server install is optional.

Image 31: IDENTIKEY Server Installation - Select Components window

15. When the Installer gets to the Run configuration Wizard step, click the Run Configuration Wizard button and the IDENTIKEY Server Configuration Wizard will be started.
16. The Start window will be displayed. Click Next to continue.

Image 32: IDENTIKEY Server Configuration Wizard - Start Window

17. The IP address will be displayed.

Image 33: IDENTIKEY Server Config IP Address Window

18. Select the IP address for the IDENTIKEY Server. Click Next to continue. The License window will be displayed.

Image 34: IDENTIKEY Server Configuration Wizard License Window

19. To load a license file you must first have downloaded it from the VASCO website. If you have not done that, you can do it now by going to the web site specified, or by clicking the Request a License Key button. You can also copy the URL to the clipboard if you wish to download the license later, by clicking Copy URL to Clipboard. If you already have a license key file, you can load it by navigating to the file using the ... button. You can continue without loading a license key file, but you must load one before you can start to use IDENTIKEY Server. Click Next to continue. The Server Functionality window will be displayed.

Note
The Request a Licence from 'vasco.com' button will not be available for Windows 2008 Core, as there is no browser available to load the web site. To obtain a licence from vasco.com for Windows 2008 Core you will have to download the licence on another machine and copy it across to the Windows 2008 Core machine.

Image 35: IDENTIKEY Server Configuration Wizard Server Functionality Window

20. The functions that are available on the Server Functionality window will be determined by your license. Click in the check box to either select or de-select an available function. Click Next to continue. The HSM selection window will be displayed.

Image 36: IDENTIKEY Server Configuration Wizard - HSM Window

21. If you wish to use a Hardware Security Module with IDENTIKEY Server:
   a. Select Use the available Hardware Security Module(s).
   b. Enter the location of the PKCS11 library file, typically named libcryptoki.dll.
   c. Click Next.
   d. Enter the HSM Storage details: storage key label, Slot ID, Token Label and Token pin.
   e. Click Next.
   f. Enter the HSM Sensitive data details: sensitive data key, Token Label and token pin.
   g. Click Next.
   See 6.2 Set Up a Hardware Security Module for further information on Hardware Security Module setup.

   If you do not wish to use a Hardware Security Module:
   a. Select Do not use a Hardware Security Module.
   b. Click Next.
   The Database Window will be displayed.

Image 37: IDENTIKEY Server Configuration Wizard Database Window

22. Select the ODBC Data Source name for the database that IDENTIKEY Server will use, and if required, a Username and Password. If you are using the PostgreSQL database supplied with IDENTIKEY Server, the Username and Password will be supplied in the background, and the fields will not be populated. Click Next to continue. The User ID/Domain conversion window will be displayed.

Image 38: IDENTIKEY Server Configuration Wizard - User ID/Domain conversion Window

23. Select the Case conversion format that you require.
24. Tick the Use Windows Name Resolution checkbox to enable IDENTIKEY Server to use Windows Name Resolution. This is recommended if Dynamic User Registration is to be enabled.
25. Click Next to continue. The Master Domain window will be displayed.

Image 39: IDENTIKEY Server Configuration Wizard - Master Domain Window

26. Enter the name of the Master Domain where the first administrator account will be created.
27. Click Next to continue. The First Administrator window will be displayed. The first administrator account can be used to log in to IDENTIKEY Server (e.g. using the webadmin) and will have a full set of administrative privileges.

Image 40: IDENTIKEY Server First Administrator Window

28. Enter a User ID and password for the first administrator account.
29. Click Next to continue. The Sensitive Data Encryption window will be displayed. The Sensitive Data Encryption windows are only displayed if the HSM option has not been selected.

Image 41: IDENTIKEY Server Sensitive Data Encryption Window

Select the form of Sensitive Data Encryption.

Note
If you will be using a custom encryption key for sensitive data, this should be set before DIGIPASS are imported to the 'live' version of the IDENTIKEY Server. See the Sensitive Data Encryption topic in the Administrator Reference for more information.

30. Selecting the Custom with embedded and custom key combination option will result in the Custom Data Encryption window being displayed.

Image 42: IDENTIKEY Server Custom Data Encryption Window

If you select the Load From File option, the Load Data Encryption window will be displayed.

Image 43: IDENTIKEY Server Load Data Encryption Window

31. With either of the above screens, click Next. The SSL Server Certificate Installation window will be displayed.

Image 44: IDENTIKEY Server SSL Server Certificate Installation

Make your selection as to how to install an SSL certificate.

32. If you select Generate and install a new test certificate (self-signed), the SSL Server Certificate Details window will be displayed.

Image 45: IDENTIKEY Server Configuration Wizard SSL Server Certificate Details Window

33. a. Enter a Private key password for the new certificate. Confirm the password.
    b. Select the signature algorithm from the available algorithms in the drop-down box. See 15 SSL Server Certificate Encryption Algorithms for information about the selections for the Signature Algorithm.
    c. Click Next.

If you select Install my own SSL certificate, the SSL Server Certificate Selection window will be displayed.

Image 46: IDENTIKEY Server Configuration Wizard SSL Server Certificate Selection Window

To install your own certificate:
   a. Navigate to an SSL private key file. This file should contain only the private key, in PEM format.
   b. Enter the private key password.
   c. Navigate to the server certificate file.
   d. Navigate to an intermediate certificate bundle, in PEM format. Only use this field if your certificate requires an intermediate bundle.
   e. Navigate to the Certificate Authority (CA) Certificate file and click OK. The Configuration Wizard will add the file to the Administration Web Interface's keystore. If a Certificate Authority certificate for the SSL Certificate is not available in the keystore, the Administration Web Interface will not be able to connect to the IDENTIKEY Server.
34. Click Next. The RADIUS SSL Server Certificate Installation window will be displayed.

Image 47: IDENTIKEY Server RADIUS TLS Server Certificate Selection

Select the RADIUS SSL Server Certificate to use to secure RADIUS wireless connections.

If Use the IDENTIKEY SSL Server certificate is selected, click Next to continue.

If Generate and install a new test certificate (self-signed) is selected, the RADIUS SSL Server Certificate Details window will be displayed.

Image 48: IDENTIKEY Server RADIUS TLS Server Certificate Password

35. If Install my own SSL certificate is selected, the RADIUS SSL Server Certificate Selection page will be displayed.
   a. Enter a Private key password for the new certificate. Confirm the password.
   b. Select the signature algorithm from the available algorithms in the drop-down box. See 15 SSL Server Certificate Encryption Algorithms for information about the selections for this field.
   c. Click Next.

If Install my own SSL certificate is selected, the RADIUS SSL Server Certificate Selection window will be displayed.

Image 49: IDENTIKEY Server RADIUS SSL Server Certificate Selection

To install your own certificate:
   d. Navigate to an SSL private key file. This file should contain only the private key, in PEM format.
   e. Enter the private key password.
   f. Navigate to the server certificate file.
   g. Navigate to an intermediate certificate bundle, in PEM format. Only use this field if your certificate requires an intermediate bundle.
   h. Click Next. The Automatic Server Location Support window will be displayed.
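The private key, server certificate and intermediate bundle files requested on the SSL Server Certificate Selection and RADIUS SSL Server Certificate Selection windows can be checked before the wizard is run. The script below is an added example, not part of this guide or of VASCO's software: it checks PEM structure only (it does not prove that a key and a certificate belong together), its function names are assumptions, and the sample PEM blocks are constructed filler rather than real key material.

```python
"""Structural pre-flight check for PEM files supplied to a certificate wizard."""
import base64
import binascii
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL
)
KEY_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY",
              "ENCRYPTED PRIVATE KEY"}


def parse_pem(text):
    """Split text into PEM blocks; return (blocks, text left outside any block)."""
    blocks = []
    for match in PEM_BLOCK.finditer(text):
        label, body = match.group(1), match.group(2)
        headers, b64 = {}, []
        for line in body.splitlines():
            if ":" in line:      # legacy header such as "Proc-Type: 4,ENCRYPTED"
                name, value = line.split(":", 1)
                headers[name.strip()] = value.strip()
            elif line.strip():
                b64.append(line.strip())
        try:
            der = base64.b64decode("".join(b64), validate=True)
        except binascii.Error:
            der = None           # body is not valid base64
        blocks.append({"label": label, "headers": headers, "der": der})
    return blocks, PEM_BLOCK.sub("", text).strip()


def is_password_protected(block):
    """PKCS#8 encrypted label, or the legacy 'Proc-Type: 4,ENCRYPTED' header."""
    return (block["label"] == "ENCRYPTED PRIVATE KEY"
            or block["headers"].get("Proc-Type", "").endswith("ENCRYPTED"))


def check_private_key_file(text):
    """The key file should contain only the private key, in PEM format."""
    blocks, stray = parse_pem(text)
    keys = [b for b in blocks if b["label"] in KEY_LABELS]
    others = sorted({b["label"] for b in blocks if b["label"] not in KEY_LABELS})
    problems = []
    if len(keys) != 1:
        problems.append("expected exactly 1 private key block, found %d" % len(keys))
    if others:
        problems.append("non-key blocks present: " + ", ".join(others))
    if stray:
        problems.append("text outside PEM blocks (for example 'Bag Attributes')")
    if any(not b["der"] for b in keys):
        problems.append("private key body is empty or not valid base64")
    protected = bool(keys) and all(is_password_protected(b) for b in keys)
    return {"ok": not problems, "password_protected": protected,
            "problems": problems}


def check_certificate_file(text, allow_chain):
    """Single certificate file (allow_chain=False) or intermediate bundle (True)."""
    blocks, _ = parse_pem(text)
    certs = [b for b in blocks if b["label"] == "CERTIFICATE"]
    problems = []
    if any(b["label"] in KEY_LABELS for b in blocks):
        problems.append("private key material found in a certificate file")
    if not certs:
        problems.append("no CERTIFICATE block found")
    elif len(certs) > 1 and not allow_chain:
        problems.append("%d certificates found where one is expected" % len(certs))
    if any(not b["der"] for b in certs):
        problems.append("certificate body is empty or not valid base64")
    return {"ok": not problems, "count": len(certs), "problems": problems}


def constructed_block(label, headers=""):
    """Build a CONSTRUCTED PEM block; the payload is filler, not a real key."""
    body = base64.b64encode(b"constructed filler for " + label.encode()).decode()
    return "-----BEGIN %s-----\n%s%s\n-----END %s-----\n" % (
        label, headers, body, label)


# Constructed sample inputs.
GOOD_KEY = constructed_block("ENCRYPTED PRIVATE KEY")
LEGACY_KEY = constructed_block(
    "RSA PRIVATE KEY",
    "Proc-Type: 4,ENCRYPTED\nDEK-Info: AES-256-CBC,00112233445566778899AABBCCDDEEFF\n\n")
# Typical shape of a combined export: attribute text, certificate and bare key.
COMBINED_EXPORT = ("Bag Attributes\n    friendlyName: constructed\n"
                   + constructed_block("CERTIFICATE")
                   + constructed_block("PRIVATE KEY"))
BUNDLE = constructed_block("CERTIFICATE") * 2

if __name__ == "__main__":
    for name, sample in [("good key", GOOD_KEY), ("legacy key", LEGACY_KEY),
                         ("combined export", COMBINED_EXPORT)]:
        print(name, check_private_key_file(sample))
    print("bundle", check_certificate_file(BUNDLE, allow_chain=True))
```

A combined export that still carries a certificate or an unencrypted key fails the key-file check, which is the case worth catching before the file is handed to the wizard.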

Select a DNS registration option from the drop-down menu:

Image 50: IDENTIKEY Server Automatic Server Location Support

To skip automatic DNS registration now, select No DNS Service registration.

To use DNS service registration with a DNS server supporting Dynamic DNS:
   a. Select the DNS service registration with a DNS server supporting Dynamic DNS option.
   b. Enter the name of the DNS domain.
   c. Enter the host name of the IDENTIKEY Server machine.
   d. Select the priority for connections to the IDENTIKEY Server: Primary server or Backup server.

To use DNS service registration with a DNS server supporting TSIG authentication:
36. a. Select the DNS service registration with a DNS server supporting Dynamic DNS with TSIG authentication option.
    b. Enter the name of the DNS domain.
    c. Enter the Fully Qualified Domain Name of the Target Host machine.
    d. Select the priority for connections to the IDENTIKEY Server: Primary server or Backup server.
    e. Enter the full path and filename for the shared key file.

Click on Test Settings to test that the DNS server settings are correct. The Configuration Wizard will test the connection and list the result on-screen.

37. Click Next to continue. The Deploy Administration Web Interface window will be displayed.

Image 51: IDENTIKEY Server Deploy Web Administration Interfaces

Use this window to specify how the Administration Web Interface is to be deployed.
- Click Deploy and connect to the local IDENTIKEY Server to deploy the Administration Web Interface and connect it automatically to the IDENTIKEY Server on the same machine.
- Click Deploy and connect to a remote IDENTIKEY Server, and supply a remote server SOAP URL to connect the Administration Web Interface to an IDENTIKEY Server on a different machine.
- Click Connect to a remote Administration Web Interface client, and enter the IP address of the remote Administration Web Interface client to create an Administration Client Component record on the IDENTIKEY Server.
- Click Do not deploy Administration Web Interface to bypass this step and deploy at a later date.

38. Click Next to continue. The Sample SDK Client window will be displayed.

Image 52: IDENTIKEY Server Sample Web Client Window

39. Enter the IP address of a web client to be used by the Sample Web Pages in the SDK. This page is optional and only needs to be used if the SDK is to be installed. Click Next to continue.

Image 53: IDENTIKEY Server Configuration Wizard Summary Window

40. A summary of the settings will be displayed. Click Proceed to accept the settings and continue to the Confirmation page.

Image 54: IDENTIKEY Server Configuration Wizard Confirmation Window

41. Click Finish to complete the configuration.
42. The Select Components window will be displayed showing which components have been installed.

Image 55: Select Components completed Window

43. Click Next to continue. The Installation Completed window will be displayed.

Image 56: Installation Completed page

44. Click Finish to complete the installation.

81 Install IDENTIKEY Server in Advanced mode - ODBC 6.2 Set Up a Hardware Security Module Hardware Security Module Setup Pre-Requisites Software The following software must be installed on the HSM: Version 2.07 or higher of the SafeNet ProtectServer firmware The following software must be installed on the machine on which HSM administration tasks will be carried out: Network or PCI Access Provider v4.00 ProtectToolKit C Software Development Kit v4.00 Protect Processing Orange Software Development Kit v3.00 Administrator Account The setup process requires administration privileges in at least one administration token and one user token on the Hardware Security Module. Firmware Module The VACMAN Controller Firmware Module file aal2sdk.fm - should be copied to the machine on which the HSM administration will take place Configuration Hardware Security Module 1. Install the Hardware Security Module, with the required drivers and libraries. Caution Ensure that the machine is restarted after the installation. VACMAN Controller Firmware To install VACMAN Controller Firmware Module in the Hardware Security Module: 2. Generate SSL certificate in the user slot: 81

82 Install IDENTIKEY Server in Advanced mode - ODBC a. At a command prompt, enter: ctcert c -s<userslotid> -k -z<keysize> -l<certificatename> where <UserSlotID> is the ID of the slot on which the certificate should be generated, <KeySize> is the length of private key required, and <CertificateName> is the name you want to give the certificate. KeySize must be at least b. 3. Enter the requested information. Transfer the certificate to admin slot: a. To do this via command prompt, enter: ctcert x -l<certificatename> -s<userslotid> -f<certexportfilename> ctcert i -f<certexportfilename> -s<adminslotid> -l<certificatename> where <CertificateName> is the name of the certificate that you entered when generating the certificate, <UserSlotID> is the ID of the slot in which the certificate was generated, <CertExportFileName> is the filename of the certificate, and <AdminSlotID> is the ID of the administration slot to which the certificate is being copied. 4. Mark the certificate as trusted: a. At a command prompt, enter: ctcert t -l<certificatename> -s<adminslotid> where <CertificateName> is the name of the certificate that you entered when generating the certificate, and <AdminSlotID> is the ID of the administration slot to which the certificate has been copied. 5. Use the trusted certificate to sign the VACMAN Controller Firmware Module: a. At a command prompt, enter: mkfm -k"<userslotlabel>(<pin>)/<certificatename>" -faal2sdk -oaal2sdk.fm where <UserSlotLabel> is the label for the user slot on which the certificate was generated, <PIN> is the administrator PIN for the token and <CertificateName> is the name of the certificate that you entered when generating the certificate. 6. Upload firmware module into HSM: a. At a command prompt, enter: ctconf -b<certificatename> -jaal2sdk.fm where <CertificateName> is the name of the certificate that you entered when generating the certificate Note Storage and Sensitive Data Keys cannot be created on the admin slot. 82

83 Install IDENTIKEY Server in Advanced mode - ODBC Create Storage Key 7. Using the Key Management Utility, create a secret key to use as IDENTIKEY Server's storage key. This will require an administrator login to the token. Note the token label and key label used. Required key attributes: double or triple DES encrypt enabled sensitive wrap and unwrap enabled private optional exportable optional if key backup in use All other options disabled Create Sensitive Data Key 8. Using the Key Management Utility, create a sensitive data key. This will require an administrator login to the token, and can be created in the same or different slot to the storage key created earlier. Note the token label and key label used. Required attributes: AES 128-bit encrypt enabled decrypt enabled sensitive Other attribute settings are optional. Replicate to required slots If using multiple Hardware Security Modules with IDENTIKEY Server, the keys created above must be replicated to the other HSMs. The following steps will require attributes specific to your HSM setup. Consult the PTK Administration Manual typical file name ptk_c_administration_manual_rev-c.pdf for more information. 9. Generate an identity keypair, using the ctident gen command. 10. Create a trust relationship, using the ctident trust command. 11. Replicate the token, using the ctkmu rt command. 83

IDENTIKEY Server Setup

Pre-requisites

The following software must be installed on the machine on which IDENTIKEY Server will be installed:
   - Network or PCI Access Provider v4.00
   - ProtectToolKit C Runtime Library v

Configuration

1. Ensure that licensing for IDENTIKEY Server includes Hardware Security Module functionality.
2. Install IDENTIKEY Server.
3. Configure HSM encryption and connection details in the IDENTIKEY Server Configuration Wizard:
   a. Select Use the available Hardware Security Module(s) in the Hardware Security Module screen.
   b. Click on the Browse button and browse to the HSM connection library file. For Windows installations, this will typically be named cryptoki.dll and located in the PTKC runtime installation directory. For Linux installations, it will typically be named libcryptoki.so and copied automatically to the chroot environment; the location will be provided by default.
   c. Click on Next.
   d. Enter the name of the storage key created earlier, and the slot ID in which it was created.
   e. If the key was set as private, enter the token label and PIN.
   f. Click on Next.
   g. Enter the name of the sensitive data key created earlier.
   h. If the key was set as private, enter the token label and PIN.
   i. Click on Next.
   j. Continue with IDENTIKEY Server configuration.
4. Add environment variables:
   a. ET_HSM_NETCLIENT_READ_TIMEOUT_SECS set to value of 1
   b. ET_HSM_NETCLIENT_WRITE_TIMEOUT_SECS set to value of 1
   c. ET_HSM_NETCLIENT_CONNECT_TIMEOUT_SECS set to value of 1

7 Install IDENTIKEY Server - Active Directory

7.1 Active Directory Scenario and Decisions

This 'typical installation' process uses the following decisions and scenario:

Implementation Decisions

The following decisions were taken for the purposes of this installation process:
   - The Schema extensions have been approved.
   - The DIGIPASS Configuration Domain has been identified as the existing sub-domain, test.dm3.vasco.
   - The member server SVR of the sub-domain test.dm3.vasco will be used to install IDENTIKEY Server. This requires an Enterprise Certificate Authority to be installed in the forest, so that SSL is enabled. The instructions will take you through installing Windows Certificate Services onto a Domain Controller in the Forest Root domain.

Note: To perform the actions required to install IDENTIKEY Server you must be logged in as the Domain Administrator.

The scenario

   - A Domain dm3.vasco (this is the Forest Root Domain).
   - A sub-domain test.dm3.vasco of dm3.vasco. The sub-domain acts as the DIGIPASS Configuration Domain and contains all the configuration data, including Policies and Components.
   - A single Server SVR, a member server in the DIGIPASS Configuration Domain.
   - A Domain Controller DC-02 acting as the Schema Master on dm3.vasco. Certificate Server will be installed on DC

Extend Schema

Run the addschema command:
1. Log into the machine from which schema changes will be made (DC-02).
2. Copy dpadadmin.exe onto the machine.
3. Open a command prompt in the location to which it was copied.
4. Type:

      dpadadmin addschema

5. If DPADadmin detects that Schema extensions are not currently permitted, it will prompt you whether to enable them or not. Enter y to enable them, or n to cancel.
6. Wait several minutes for the Schema extensions to replicate to the sub-domain and for the local Domain Controller to update its internal data caches. To check, use the following command:

      dpadadmin checkschema

7.2 Install IDENTIKEY Server for Active Directory

1. The Installation Type window will be displayed.

Image 57: IDENTIKEY Server Setup - Installation Type window

2. Click on the Advanced Installation option button. Click Next to continue. The Data Storage window will be displayed.

Image 58: IDENTIKEY Server Setup - Data Storage window

3. Select the Active Directory option button.
4. Click Next.
5. The DIGIPASS Extension for Active Directory Prerequisites page will be displayed. The functions on this page are optional, and need only be used if DIGIPASS and DIGIPASS User administration is to be performed on this machine.

Image 59: IDENTIKEY Server Setup DIGIPASS Extension for Active Directory Prerequisites window

6. If you wish to use the DIGIPASS Extension for Active Directory Users and Computers on this machine:
   a. If the .NET 2.0 Framework is to be installed, click the .NET 2.0 Framework button. The Microsoft .NET Framework 3.0 SP1 Setup window will be displayed.
      i. Read the license and click to either accept or not accept the terms.
      ii. Click Install to continue or Cancel to cancel the set up.

Image 60: Microsoft .NET license agreement.

   b. If the MMC 3.0 Framework is to be installed, click the MMC 3.0 Framework button.

Image 61: IDENTIKEY Server Setup DIGIPASS Extension for Active Directory Prerequisites window.

      The Software Update Installation Wizard for your operating system will be displayed.
      i. Click Next to continue. The DIGIPASS Extension for Active Directory Prerequisites window will be displayed, showing the results of the installations.
      ii. Click Next to continue.

Image 62: IDENTIKEY Server Setup DIGIPASS Extension for Active Directory Prerequisites installation complete window.

   c. If the IDENTIKEY Server is being installed on Microsoft Windows Vista or Microsoft Windows 2008, a hotfix provided by Microsoft must be installed to enable the Active Directory Users and Computers extension to work. If it is not already installed on the machine, the Active Directory Query Form Hotfix button will be enabled. Click this button to install the hotfix. Please note that the Active Directory Query Form Hotfix button will remain unavailable on any operating system other than Microsoft Windows Vista or Microsoft Windows

   The Select Components window will be displayed.
7. Click IDENTIKEY Server 3.2 to start the installation wizard.

Image 63: IDENTIKEY Server Setup - Select Components Window

8. The IDENTIKEY Server Setup Wizard start window will be displayed. Click Next to continue.

Image 64: IDENTIKEY Server Setup Wizard Start Page.

The License Agreement screen will be displayed.

Image 65: IDENTIKEY Server Setup - License Agreement Window

9. Read the agreement carefully.
10. To accept the License Agreement, tick the I accept the terms in the License Agreement checkbox and click Next. If you do not accept the License Agreement and click Cancel, the install will terminate.
11. To select the features that you want to be installed, click on the icons on the window. Click the Reset button to reset all your choices. Click Next to continue.

Image 66: IDENTIKEY Server Setup - Custom Setup window

12. The Ready to Install IDENTIKEY Server window will be displayed. Click Install to continue.

Image 67: IDENTIKEY Server Setup - Ready to Install IDENTIKEY Server window

The Installing IDENTIKEY Server progress window will be displayed.
13. Click the Next button to continue when it becomes available.

Image 68: Installing IDENTIKEY Server progress window

The IDENTIKEY Server Setup Wizard finish window will be displayed.
14. Click Finish to complete the installation of IDENTIKEY Server.

Image 69: IDENTIKEY Server Setup Wizard finish window

15. The Installer will install the component for each button that is selected. Each installation after the IDENTIKEY Server install is optional.

Image 70: IDENTIKEY Server Installed Select Components

16. When the Installer gets to the Run Configuration Wizard step, click the Run Configuration Wizard button. The IDENTIKEY Server Configuration Wizard will be started.
17. Click Next to continue.

Image 71: IDENTIKEY Server Configuration Wizard Start Window

18. Click Next to continue. The IP Address window will be displayed.

Image 72: IDENTIKEY Server Configuration Wizard IP Address Window

19. Enter the IP address for the IDENTIKEY Server. Click Next to continue. The License window will be displayed.

Image 73: IDENTIKEY Server Configuration Wizard License Window

20. To load a license file you must first have downloaded it from the VASCO website. If you have not done that, you can do it now by going to the web site specified, or by clicking the Request a License Key button. You can also copy the URL to the clipboard if you wish to download the license later, by clicking Copy URL to Clipboard. If you already have a license key file, you can load it by navigating to the file using the ... button. You can continue without loading a license key file, but you must load one before you can start to use IDENTIKEY Server. Click Next to continue. The Server Functionality window will be displayed.

Note: The Request a License Key button will not be available for Windows 2008 Core, as there is no browser available to load the web site. To obtain a licence from vasco.com for Windows 2008 Core you will have to download the licence on another machine and copy it across to the Windows 2008 Core machine.

21. Click Next. The Server Functionality window will be displayed.

Image 74: IDENTIKEY Server Configuration Wizard Server Functionality Window

The functions that are available on this window will be determined by your license. Those shown above are available by default.
22. Click in check boxes to either select or de-select the required functionality.
23. Click Next to continue. The Active Directory Prerequisites window will be displayed.

Image 75: IDENTIKEY Server Configuration Wizard - Active Directory Pre-requisites Window

24. If you have not extended the schema manually before starting the configuration, the Configuration Wizard will perform the extension for you. You must wait while this is done, and wait for replication to occur before continuing with the Configuration Wizard. See Active Directory Extension for details of the addschema process.
25. If this is not the first IDENTIKEY Server to be installed, tick the This is NOT the first IDENTIKEY Server to be installed check box. Wait for the Active Directory changes made during the installation of the first IDENTIKEY Server to replicate fully. You must be logged into the machine as a Domain Administrator in the machine's Domain.
26. Click Next to continue. The DIGIPASS Configuration Domain window will be displayed.

Image 76: IDENTIKEY Server Configuration Wizard DIGIPASS Configuration Domain Window

27. Enter the fully qualified name of the Domain in which IDENTIKEY Server should store its configuration data. This domain must currently exist.
28. Click Next to continue. The Active Directory Certificate Authority window will be displayed.

Image 77: IDENTIKEY Server Configuration Wizard Active Directory Certificate Authority Window

29. Click on the Disable LDAP SSL option box if you want to disable LDAP SSL. If you do not want LDAP SSL to be disabled, the instructions in SSL Setup must be followed to ensure that LDAP SSL will work correctly.
30. Click Next to continue. The First Administrator window will be displayed.

Image 78: IDENTIKEY Server Configuration Wizard First Administrator Window

31. Enter a Domain for the first administrator if it is not the one shown, then enter the User ID and Password for the first administrator. Confirm the password and click Next. The Sensitive Data Encryption window will be displayed.

Image 79: IDENTIKEY Server Configuration Wizard Sensitive Data Encryption Window

Note: If you will be using a custom encryption key for sensitive data, this should be set before DIGIPASS are imported to the 'live' version of the IDENTIKEY Server. See the Sensitive Data Encryption topic in the Administrator Reference for more information.

32. To use IDENTIKEY Server's standard encryption settings:
   a. Select the Standard with embedded key option button.
   b. Click on Next.
   To use custom encryption settings, either:

Image 80: IDENTIKEY Server Configuration Wizard Custom Data Encryption Window

   a. Select the Custom with embedded and custom key combination option button.
   b. Enter the Storage key.
   c. Select a cipher.
   OR

Image 81: IDENTIKEY Server Configuration Wizard Load Data Encryption Window

   a. If you have created your own Data Encryption file, select the Load from file option.
   b. Browse to the file in this window.
   c. Enter the password.
33. Click Next to continue. The SSL Server Certificate Installation window will be displayed.

Image 82: IDENTIKEY Server Configuration Wizard SSL Server Certificate Window

Make your selection as to how to install an SSL certificate.
34. If you select Generate and install a new test certificate (self-signed), the SSL Server Certificate Details window will be displayed.

Image 83: IDENTIKEY Server SSL Server Certificate Details window

   a. Enter a Private key password for the new certificate. Confirm the password.
   b. Select the signature algorithm from the available algorithms in the drop-down box. See 15 SSL Server Certificate Encryption Algorithms for information about the selections for this field.
   c. Click Next.
35. If you select Install my own SSL certificate, the SSL Server Certificate Selection window will be displayed.

Image 84: IDENTIKEY Server SSL Server Certificate Selection window

To install your own certificate:
   a. Navigate to an SSL private key file. This file should contain only the private key, in PEM format.
   b. Enter the private key password.
   c. Navigate to the server certificate file.
   d. Navigate to an intermediate certificate bundle, in PEM format. Only use this field if your certificate requires an intermediate bundle.
   e. Navigate to the Certificate Authority (CA) Certificate file and click OK. The Configuration Wizard will add the file to the Administration Web Interface's keystore. If a Certificate Authority certificate for the SSL Certificate is not available in the keystore, the Administration Web Interface will not be able to connect to the IDENTIKEY Server.
   f. Click Next. A warning message will be displayed indicating that the administrator should update the trusted certificates configuration of the Administration Web Interface and any other SOAP client applications.
36. The RADIUS SSL Server Certificate Installation window will be displayed.

Image 85: IDENTIKEY Server RADIUS TLS Server Certificate Selection

Select the RADIUS SSL Server Certificate to use to secure RADIUS wireless connections. If Use the IDENTIKEY SSL Server certificate is selected, click Next to continue.
37. If Generate and install a new test certificate (self-signed) is selected, the RADIUS SSL Server Certificate Details window will be displayed.

Image 86: IDENTIKEY Server RADIUS SSL Server Certificate Details

   a. Enter the private key password and confirm.
   b. Select the Signature Algorithm to use for the certificate from the drop-down list.
   c. Click Next.
38. If Install my own SSL certificate is selected, the RADIUS SSL Server Certificate Selection page will be displayed.

Image 87: IDENTIKEY Server RADIUS SSL Server Certificate Selection

To install your own certificate:
   a. Navigate to an SSL private key file. This file should contain only the private key, in PEM format.
   b. Enter the private key password.
   c. Navigate to the server certificate file, in base 64 encoding.
   d. Navigate to an intermediate certificate bundle, in PEM format. Only use this field if your certificate requires an intermediate bundle.
   e. Click Next.
39. Click Next to continue. The Automatic Server Location Support window will be displayed.

Image 88: IDENTIKEY Server Configuration Wizard - Automatic Server Location Support

To skip automatic DNS registration now, select No DNS Service registration.

To use DNS service registration with a DNS server supporting Dynamic DNS:
   a. Select the DNS service registration with a DNS server supporting Dynamic DNS option.
   b. Enter the name of the DNS domain.
   c. Enter the IP address of the Target Host machine.
   d. Select the priority for connections to the IDENTIKEY Server - Primary server or Backup server.

To use DNS service registration with a DNS server supporting TSIG authentication:
   a. Select the DNS service registration with a DNS server supporting Dynamic DNS with TSIG authentication option.
   b. Enter the name of the DNS domain.
   c. Enter the Fully Qualified Domain Name of the Target Host machine.
   d. Select the priority for connections to the IDENTIKEY Server - Primary server or Backup server.
   e. Enter the full path and filename for the shared key file.

To use DNS service registration with a DNS server supporting Secure Dynamic Update:
   a. Select the DNS service registration with a DNS server supporting Dynamic DNS with Secure Dynamic Update option.

   b. Enter the name of the DNS domain.
   c. Enter the Fully Qualified Domain Name of the Target Host machine.
   d. Select the priority for connections to the IDENTIKEY Server - Primary server or Backup server.
   e. Enter the full path and filename for the shared key file.
40. Click on Test Settings to test that the DNS server settings are correct. The Configuration Wizard will test the connection and list the result on-screen.
41. Click on Next. The Web Admin Client window will be displayed.

Image 89: IDENTIKEY Server Configuration Wizard Web Admin Client Window

Use this window to specify how the Web Administration Interface is to be deployed.
   - Click Deploy and connect to the local IDENTIKEY Server to deploy the Web Administration Interface and connect it automatically to the IDENTIKEY Server on the same machine.
   - Click Deploy and connect to a remote IDENTIKEY Server, and supply a remote server SOAP URL to connect to an IDENTIKEY Server on a different machine.
   - Click Connect to a remote web administr client, and enter the IP address of the remote Administration Web Interface client to create an Administration Client Component record for the remote Administration Web Interface on this IDENTIKEY Server.
   - Click Do not deploy to bypass this step and deploy at a later date.

42. Click Next to continue. The Sample Web Client window will be displayed.

Image 90: IDENTIKEY Server Configuration Wizard Sample SDK Web Client Window

43. Enter the IP address of a web client to be used by the Sample Web Pages in the SDK. This page is optional and only needs to be used if the SDK is to be installed.
44. Click on Next. If Active Directory is installed on the same machine as IDENTIKEY Server, and the machine is on a domain, but as a member server, the Domain Service Account screen will be displayed.

Image 91: IDENTIKEY Server Configuration Wizard Domain Service Account Window

This window allows you to specify a domain account that you want IDENTIKEY Server to run under.

Caution: The User ID specified MUST be a member of domainadmins group. Failure to ensure that this is the case can cause security issues.

45. Click Next to continue. The Confirmation window will be displayed.

Image 92: IDENTIKEY Server Configuration Wizard Confirmation Window

46. Check the details on the confirmation window. If any changes are required, navigate back to the page using the Previous button and correct the entry. If no changes are required, click Next to continue to the Summary window.

Image 93: IDENTIKEY Server Configuration Wizard Summary Window

47. Click Finish to complete the configuration.
48. The Select Components window will be displayed showing which components have been installed.

Image 94: IDENTIKEY Server Configuration Wizard Confirmation Window

49. Click Next to continue. The Installation Completed window will be displayed.

Image 95: IDENTIKEY Server Installation Complete Window

50. Click Finish when the installation is complete.
51. Restart your computer.
52. When your computer has restarted, refer to 10 Post-Installation Tasks for further steps that may need to be performed.

Active Directory Extension

If the Active Directory Schema has not been extended before running the Configuration Wizard, the schema will be extended by the Configuration Wizard.

1. The first window is the Schema Extension window. Click Next to start the schema extension.

Image 96: IDENTIKEY Server Configuration Wizard - Active Directory Extension window

2. The Schema Extension will start, and a pop-up window will appear requesting permission to update the schema.

Image 97: IDENTIKEY Server Configuration Wizard Allow Schema Updates window

   Click Yes to allow updates and continue.
3. The Wait AD Schema Extension window will be displayed. You will only be able to continue with the configuration when the schemas have been replicated.

Image 98: IDENTIKEY Server Configuration Wizard Wait AD Schema Replication window

Click on the Check button to see if the schema has been replicated. When replication has completed, the words 'schema fully replicated' will appear next to the check button. Click the Next button to continue with the Configuration Wizard.

Install Active Directory Users and Computers Extension on a Child Domain

To install the Active Directory Users and Computers Extension on a child domain, follow the instructions below.

1. Install IDENTIKEY Server on the machine with the parent domain.
2. Log in to the child domain machine, making sure you have administration authority.
3. On the child domain machine, run the IDENTIKEY Server installation as detailed above until you get to the Custom Setup window. When you get to this window, uncheck every component EXCEPT the Active Directory User and Computers extension.

Image 99: IDENTIKEY Server Installation Custom Setup Window.

4. Continue with the IDENTIKEY Server Installation instructions from the Custom Setup window as detailed above. After the installation has finished you will see the Active Directory Users and Computers item on the Start Menu under VASCO\Identikey Server.

Image 100: Windows Start Menu showing location of Active Directory Users and Computers.
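The SSL Server Certificate Selection and RADIUS SSL Server Certificate Selection windows above both ask for a key file that contains only the private key, in PEM format. The Python check below is an added example, not part of the VASCO guide or product; it inspects only the PEM armour of each file, and its sample blocks are constructed bytes, not real keys or certificates.

```python
import base64
import re

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\n(.*?)-----END \1-----", re.S)
KEY_LABELS = {"PRIVATE KEY", "ENCRYPTED PRIVATE KEY", "RSA PRIVATE KEY",
              "EC PRIVATE KEY", "DSA PRIVATE KEY"}


def parse_pem(text):
    """Return ([(label, encrypted)], stray_text) for a PEM file's contents."""
    text = text.replace("\r\n", "\n")
    blocks = []
    for match in PEM_BLOCK.finditer(text):
        label, body = match.group(1), match.group(2)
        # Legacy OpenSSL keys carry RFC 1421 headers, a blank line, then base64.
        head, sep, rest = body.partition("\n\n")
        headers = head if sep and ":" in head else ""
        payload = rest if headers else body
        # Raises ValueError if the base64 body is damaged or truncated.
        base64.b64decode("".join(payload.split()), validate=True)
        encrypted = (label == "ENCRYPTED PRIVATE KEY"
                     or "Proc-Type: 4,ENCRYPTED" in headers)
        blocks.append((label, encrypted))
    stray = PEM_BLOCK.sub("", text).strip()
    return blocks, stray


def check_key_file(text):
    """Problems with a file offered as the SSL private key file."""
    blocks, stray = parse_pem(text)
    keys = [label for label, _ in blocks if label in KEY_LABELS]
    others = [label for label, _ in blocks if label not in KEY_LABELS]
    problems = []
    if len(keys) != 1:
        problems.append(f"expected exactly one private key block, found {len(keys)}")
    if others:
        problems.append("contains non-key blocks: " + ", ".join(others))
    if stray:
        problems.append("contains text outside the PEM block")
    return problems


def key_is_encrypted(text):
    """True if the private key block is password protected."""
    blocks, _ = parse_pem(text)
    return any(enc for label, enc in blocks if label in KEY_LABELS)


def check_public_file(text):
    """Problems with a server certificate file or intermediate bundle."""
    labels = [label for label, _ in parse_pem(text)[0]]
    problems = []
    if any(label in KEY_LABELS for label in labels):
        problems.append("contains a private key")
    if "CERTIFICATE" not in labels:
        problems.append("no CERTIFICATE block")
    return problems


def armor(label, headers=""):
    """Build a constructed PEM block; the payload is filler, not key material."""
    body = base64.encodebytes(b"constructed sample bytes, not real key material").decode()
    return f"-----BEGIN {label}-----\n{headers}{body}-----END {label}-----\n"


# Constructed inputs: a clean key file, a legacy encrypted key, a combined
# key-plus-certificate export with attribute text, and a two-certificate bundle.
KEY_ONLY = armor("ENCRYPTED PRIVATE KEY")
LEGACY_ENCRYPTED = armor(
    "RSA PRIVATE KEY",
    "Proc-Type: 4,ENCRYPTED\nDEK-Info: AES-256-CBC,00112233445566778899AABBCCDDEEFF\n\n")
COMBINED = ("Bag Attributes\n    friendlyName: constructed\n"
            + armor("PRIVATE KEY") + armor("CERTIFICATE"))
BUNDLE = armor("CERTIFICATE") + armor("CERTIFICATE")

if __name__ == "__main__":
    print("key only :", check_key_file(KEY_ONLY), key_is_encrypted(KEY_ONLY))
    print("combined :", check_key_file(COMBINED), key_is_encrypted(COMBINED))
    print("bundle   :", check_public_file(BUNDLE))
    print("combined as certificate:", check_public_file(COMBINED))
```

A combined export fails both checks: as a key file it carries a certificate and attribute text, and as a certificate file it would place the private key in a file that is usually less tightly protected.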

8 Answers File

The answers file is an output file produced by the Configuration Wizard, which can be used to apply the configuration settings to further IDENTIKEY Servers.

8.1 Generating the Answers File

The answers file can be generated by using a command-line argument and providing a destination directory and file name when starting the Configuration Wizard:

Windows -
      ikconfigwizardgui.exe --export= <destination directory\filename.ini>
Linux
      ikeyconfigwizardconsole --export <destination directory/filename>
   or
      ikeyconfigwizardgui --export= <destination directory/filename>

The Configuration Wizard should then be completed according to the configuration required. A text file with the name supplied is produced after the Configuration Wizard is completed. There are no rules regarding the name of the answers file, and you can save it to a location that is convenient for you. The order of the items in the file is also not important.

8.2 Updating the Answers File

The file produced from the Configuration Wizard will contain all the configuration settings with the exception of:
   - passwords
   - keys
Anything that is masked in the display will not be written to the file.

The file will have to be edited for each IDENTIKEY Server it is to be installed upon. The passwords and license key will have to be added manually using a text editor.

The following fields will have to be updated for each IDENTIKEY Server:
   - IP Address
   - Every password
   - License

The following may need to be updated, depending on the configuration:
   - RADIUS client location and shared secret
   - RADIUS topology Back End addresses and shared secret
   - DNS Auto server location support

   - Database passwords
   - First Administrator ID and password if required

Passwords are always case sensitive, as are keynames. User IDs may be case sensitive depending on the case conversion settings.

8.3 Using the Answers File

Use the answers file by using a command line argument when starting the Configuration Wizard:

Note: For Active Directory installations of IDENTIKEY Server the addschema command must be run, and the checkschema command must return that the schema has been replicated before running the following command.

Windows -
      ikconfigwizardgui.exe --import= <destination directory\filename.ini>
Linux
      ikeyconfigwizardconsole --import <destination directory/filename>
   or
      ikeyconfigwizardgui --import= <destination directory/filename>

Ensure that all the edits have been completed, as any value that is in the answers file will be used to configure the IDENTIKEY Server.

8.4 Sample Answers File

Listed below is a sample answers file. This sample contains all the currently supported key/group combinations, but it is possible that not all of them will appear in the generated file.

#
# This file is not intended to be used to modify the program flow, just the
# values used
#

[AD First Administrator]
Username=<username>
Password=<password>

[AD Prerequisites]
Not First Server=<true false>


[Automatic Server Location Support]
DNS Server registration=none Dynamic TSIG AD
#
# This value is only needed for TSIG
#
Shared key file=<sharedkey>
#
# These values are only needed for non None values
#
DNS Domain=<domain>
Host Name=<host name>
Priority=true false

[Custom Data Encryption]
Storage Key=<hexadecimal key>
Cipher=AES-128 AES-256

[Database]
ODBC Data Source Name=<data source name>
Username=<username>
Password=<password>

[DIGIPASS Domain]
Name=<domain name>

[Deploy Web Administration Interface]
Deploy=None Local Remote Server Remote Client
#
# URL only needed if Deploy = Remote Server
#
Server URL=<url>
#
# IP only needed if Deploy = Remote Client
#
Client IP=<ip>

[Domain Service]
Use local system=true false

#
# Domain, username and password are only needed if Use local system is false
#
Domain=<domain>
Username=<username>
Password=<password>

[First Administrator]
Username=<username>
Password=<password>

[Hardware Security Module]
HSM=true false
#
# Path is only required for HSM installations
#
PKCS11 Library=<path>

[HSM Sensitive Data]
Key Access Private=true false
Key Label=<token label>
#
# These values are not required if Key Access Private is true
#
Token PIN=<token pin>
Token Label=<token label>

[HSM Storage Key]
Key Access Private=true false
Key Label=<key label>
Slot ID=<numeric slot ID 0-60>
#
# Token label and pin are only required if Key Access Private is true
#
Token PIN=<token PIN>
Token Label=<token label>

[License]

License Key=<license path>

[Load Data Encryption]
File=<enc file path>
Password=<password>

[Master Domain]
Master domain name=<masterdomain>

[Name Conversion]
Case Conversion=None Upper Lower
Use Windows Name Resolution=true false

[Install Mode]
Install mode=simple Advanced ODBC Advanced AD

[RADIUS SSL Server Certificate Installation]
Certificate Mode=Generate Install Remote

[RADIUS SSL Generate]
Password=<generated certificate password>

[RADIUS SSL Select]
PVK Filepath=<pvk file path>
Password=<password>
Certificate Filepath=<server certificate file path>

[RADIUS Topology Backend]
Auth IP=<ip address>
Auth Port=<port>
Account IP=<ip address>
Account Port=<port>
Secret=<secret>

[Radius Client]
Location=<ip address>
Shared Secret=<secret>


[Radius Topology]
Topology=None Standalone Backend

[Sample Web Client]
IP Address=<ip address>

[Sensitive Data Encryption]
Encryption method=standard Custom Load

[Server Address]
IP Address=<ip address>

[Server Functionality]
SOAP Authentication=true false
SOAP Signature Validation=true false
SOAP Administration=true false
SOAP Provisioning=true false
SOAP Reporting=true false
Windows Logon=true false
RADIUS=true false
IIS Modules=true false
EMV-CAP=true false
Hardware Security Module=true false

[SSL Server Certificate Installation]
Certificate Mode=Generate Install
PVK Filepath=<pvk file path>
Password=<password>
Certificate Filepath=<server certificate file path>

[Use LDAP SSL]
Use SSL=true false

[Web Admin Client]
IP Address=<ip address>
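An edited answers file can be checked before it is passed to --import. The Python script below is an added example, not part of the VASCO guide or product: it flags placeholders that were never replaced, secrets left empty, and fields that the comments in the sample file make conditional, and it lists which entries now hold clear-text secrets so the file can be access-restricted and removed after use. The sample contents and the set of keys treated as secrets are assumptions made for the example.

```python
import configparser
import re

# Assumption: keys treated as secrets here (masked values are not exported, per 8.2).
SECRET_KEYS = {"Password", "Shared Secret", "Secret", "Token PIN", "Storage Key"}
# Section 8.2: fields that must be set for every server.
PER_SERVER = [("Server Address", "IP Address"), ("License", "License Key")]
# (section, controlling key, triggering values, keys then required), taken from
# the "only needed if" comments in the sample answers file.
CONDITIONAL = [
    ("Automatic Server Location Support", "DNS Server registration",
     {"dynamic", "tsig", "ad"}, ["DNS Domain", "Host Name", "Priority"]),
    ("Automatic Server Location Support", "DNS Server registration",
     {"tsig"}, ["Shared key file"]),
    ("Domain Service", "Use local system", {"false"},
     ["Domain", "Username", "Password"]),
    ("Deploy Web Administration Interface", "Deploy", {"remote server"}, ["Server URL"]),
    ("Deploy Web Administration Interface", "Deploy", {"remote client"}, ["Client IP"]),
]
PLACEHOLDER = re.compile(r"^<.*>$")

# Constructed sample: an exported file after incomplete hand-editing.
SAMPLE = """\
# constructed for this example, not produced by a real Configuration Wizard run
[Server Address]
IP Address=192.0.2.10
[License]
License Key=<license path>
[First Administrator]
Username=ikadmin
Password=
[Automatic Server Location Support]
DNS Server registration=TSIG
DNS Domain=example.test
Host Name=ik01.example.test
Priority=true
[Domain Service]
Use local system=false
Domain=example.test
Username=svc-identikey
[Radius Client]
Location=192.0.2.50
Shared Secret=constructed-secret
"""


def parse(text):
    # interpolation=None: a '%' in a password must not be treated as a reference.
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",),
                                   comment_prefixes=("#",))
    cp.optionxform = str  # keep key names exactly as written
    cp.read_string(text)
    return cp


def check_answers(text):
    """Return (section, key, problem) tuples for an edited answers file."""
    cp = parse(text)
    findings = []
    for section in cp.sections():
        for key, value in cp.items(section):
            if PLACEHOLDER.match(value):
                findings.append((section, key, "placeholder not replaced"))
            elif key in SECRET_KEYS and not value:
                findings.append((section, key, "secret left empty"))
    for section, key in PER_SERVER:
        if not cp.get(section, key, fallback=""):
            findings.append((section, key, "per-server value missing"))
    for section, control, triggers, required in CONDITIONAL:
        setting = cp.get(section, control, fallback="").strip().lower()
        if setting not in triggers:
            continue
        for key in required:
            value = cp.get(section, key, fallback=None)
            if value is None or (value == "" and key not in SECRET_KEYS):
                findings.append((section, key, f"required when {control}={setting}"))
    return findings


def secret_fields(text):
    """(section, key) pairs that now hold a secret in clear text."""
    cp = parse(text)
    return [(s, k) for s in cp.sections() for k, v in cp.items(s)
            if k in SECRET_KEYS and v and not PLACEHOLDER.match(v)]


if __name__ == "__main__":
    for finding in check_answers(SAMPLE):
        print("FIX   ", *finding, sep=" | ")
    for section, key in secret_fields(SAMPLE):
        print("SECRET", section, key, sep=" | ")
```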

9 Deploy IDENTIKEY Server Administration Web Interface

If the Administration Web Interface and the embedded Tomcat server are installed with IDENTIKEY Server, the Administration Web Interface will be deployed automatically by the Configuration Wizard. However, if the Administration Web Interface was not deployed automatically during installation of IDENTIKEY Server, or you want to install the Administration Web Interface on a different machine, follow the instructions in this chapter.

9.1 Manually Deploy Administration Web Interface on the same machine as IDENTIKEY Server

The Administration Web Interface is provided as a .war (web archive) file, webadmin.war. This web application must be deployed in a Java web application server before it can be used.

Deploy Administration Web Interface in Apache Tomcat Server

If the Administration Web Interface is not installed at the same time as the Tomcat server, the setup program can still deploy it automatically in an installed Tomcat server. To deploy the Administration Web Interface in an Apache Tomcat server:

1. Run the Configuration Wizard.
2. Click on Re-Deploy Web Administration.
3. Click on Next.
4. Look at the Summary, and confirm the details are correct.
5. Click Proceed.

Deploy Administration Web Interface in Apache Tomcat Server Manual Instructions

The following instructions may be used where deployment via the setup program has failed:

1. If you have not restarted the machine since installing, the Tomcat service may need to be started manually:
   a. Go to the desktop.
   b. Right-click on My Computer.

Image 101: My Computer - Manage

   c. Click on Manage. The Computer Management console will be displayed.

Image 102: IDENTIKEY Server Computer Management console

   d. Expand the Services and Applications heading.
   e. Click on Services.
   f. Right-click on Apache Tomcat.
   g. Select Start.

2. Copy <IDENTIKEY install>/webadmin/webadmin.war to <Tomcat install>/tomcat 6.0/webapps. Wait 20 seconds for it to automatically deploy.
3. Restart the Apache Tomcat service:
   a. Go to the desktop.
   b. Right-click on My Computer.
   c. Click on Manage.
   d. Expand the Services and Applications heading.
   e. Click on Services.
   f. Right-click on Apache Tomcat.
   g. Select Restart.
4. Start the Administration Web Interface from Start -> All Programs -> VASCO -> IDENTIKEY Server -> Identikey Web Administration. The Administration Web Interface login screen should be displayed.

Image 103: Administration Web Interface login

5. Log in using the username and password entered in the Configuration Wizard.

Java Memory Pool

The memory pool for Java has to be large enough to accommodate the largest administration operations you will perform with the Administration Web Interface, e.g. importing DPX and user files. The embedded Tomcat provided by VASCO has a 128 megabyte memory pool; however, another Tomcat version may only have the default 64 megabyte memory pool. You can increase the memory pool if necessary by opening the Apache Tomcat Properties window, selecting the Java tab, and updating the Maximum memory pool field. You must then restart Tomcat.

If an operation fails with an out of memory error, increase the pool size by going to Start > Vasco > Identikey Server > Tomcat Monitor. Click on the Java tab.

Image 104: Apache Tomcat memory pool

Upload Limit

An upload limit of 5 megabytes has been set in the Administration Web Interface for user DPX import files. To change this value go to the place where Tomcat is installed (usually Program Files\VASCO\Identikey Server\Tomcat). Go to the Tomcat 6.0\webapps\webadmin\WEB-INF\classes directory, double-click the struts.properties file and edit the struts.multipart.maxsize value:

    #set max upload size to 5 meg.

    struts.multipart.maxsize=

Image 105: Location of struts.properties file.

Save the file then restart Tomcat.

Using the Administration Web Interface with Internet Explorer

In order for some of the Administration Web Interface pages to work on Microsoft Windows using Internet Explorer 7, active scripting must be enabled and the URL for the Administration Web Interface must be added to the trusted sites.

1. Open Internet Explorer.
2. Go to Tools > Internet Options. Click on the Security tab.
3. Highlight the Internet globe icon and click on the Custom Level... button.

4. Scroll down to the Active Scripting option and click Enable.
5. Click the OK button, and then the OK button again.

To add the URL for the Administration Web Interface to the trusted sites:

6. Stay on the Security tab.
7. Select the green Trusted Sites icon.
8. Click the Sites button.
9. Ensure that the Require server verification (https:) for all sites in this zone check box is NOT selected.
10. Add the URL of the Administration Web Interface.
11. Click the Add button, and then the Close button.
12. Click the OK button.
13. Restart Internet Explorer.

Deploy Administration Web Interface on a Dedicated Machine

These instructions describe how to install the IDENTIKEY Server Administration Web Interface on a different machine from the IDENTIKEY Server.

1. Use the IDENTIKEY Server installer to install:
   a. IDENTIKEY Server, but only select the Web Administration component.
      Note: The Administration Web Interface is set up differently depending on the data store in use by IDENTIKEY Server. Ensure that you select the correct data store, either Active Directory or ODBC Database, during installation.
   b. Java
   c. Tomcat
2. Create a Client record, via the Administration Web Interface on the IDENTIKEY Server machine, for the remote Administration Web Interface. This should include:
   Client Type: Administration Client
   Location: <IP address of the remote Administration Web Interface machine>
   Protocol: SOAP
3. Stop the Tomcat service on the machine on which you are installing the Administration Web Interface using the Tomcat monitor (see Deploy Administration Web Interface in Apache Tomcat Server Manual Instructions above).

4. Copy the webadmin.war file from c:\program files\vasco\identikey Server 3.2\webadmin to c:\program files\vasco\identikey 3.2\tomcat\Tomcat 6.0\webapps.
5. Run the following command on the machine on which you are installing the Administration Web Interface (see 9.3 Web Administration Setup Tool for further information):

    java -jar admintool.jar autoadd <name> <url>

   where <name> is the display name for the IDENTIKEY Server and <url> is the address and SOAP port of the IDENTIKEY Server in url format - eg.
   This command will create a new trust store for the Administration Web Interface in Tomcat.
6. Start the Tomcat service.
7. When logging in to the remote Administration Web Interface, select the display name entered above.

9.3 Web Administration Setup Tool

Overview

The Web Administration Setup Tool is a Java application that allows the management of IDENTIKEY Server connections and SSL certificate usage in the Administration Web Interface. Java Runtime Environment is required in order to run this tool.

The Web Administration Setup Tool stores its information using the Java preferences API. On Windows, it uses the Windows registry. On Linux, it uses the running user's file system, and is stored in the java/.userprefs directory.

User Account

The web server application and the Web Administration Setup Tool should be run under the same user account, otherwise changes will not be reconciled in the Administration Web Interface.

Caution: Any changes made with the Web Administration Setup Tool will not take effect until the Administration Web Interface and the web server application have been restarted.

Running the Application

Windows

1. Open a command prompt.
2. Navigate to the directory in which the Java executable is located.
3. Enter one of the commands listed in Available Commands.

Available Commands

The commands should be in the following format:

    java -jar admintool.jar <command> [options]

The following commands are available:

Table 1: Web Administration Setup Tool - Commands

autoadd
    Available Parameters: <name> (required), <url> (required), <connection limit>, <connection timeout>
    Explanation: Creates a new IDENTIKEY Server connection for the Administration Web Interface. The <name> and <url> parameters are required. If an SSL certificate is available for the IDENTIKEY Server, it will be added to the trust store. A connection limit (number of concurrent connections to allow) and connection timeout may also be specified.

server list
    Available Parameters: none
    Explanation: List the available IDENTIKEY SOAP servers.

server add
    Available Parameters: <name> (required), <url> (required), <connection timeout>, <connection limit>
    Explanation: Add a new IDENTIKEY Server connection to the list displayed when the Administration Web Interface is started. The <name> and <url> parameters are required. A connection limit (number of concurrent connections to allow) and connection timeout may also be specified. Where connection timeout is specified, connection limit MUST also be specified.

server delete
    Available Parameters: <name> (required)
    Explanation: Remove an existing IDENTIKEY Server from the connection list.

server default
    Available Parameters: <name> (required)
    Explanation: Set the specified IDENTIKEY Server as the default server.

localaddress
    Available Parameters: <name> (required), <local address> (required)
    Explanation: Specify a local IP address to use when connecting to the provided server name.

certificate list keystore
    Available Parameters: none
    Explanation: List all client certificates in the keystore, with their IDs.

certificate list truststore
    Available Parameters: none
    Explanation: List all server certificates in the trust store, with their IDs.

certificate add
    Available Parameters: <certificate file> (required), <private key file>, <keystore password>
    Explanation: Server certificate: adds the specified certificate to the trust store. Client certificate: adds the specified certificate and associated private key file to the keystore.
    Note: Client certificate must use base64 encoding, and its private key file must be unencrypted, in PKCS#8 format, and use DER encoding. Private key will be encoded during the execution of the command.

certificate delete
    Available Parameters: <certificate id> (required)
    Explanation: Deletes the specified certificate.
    Note: Certificate ID is displayed in the output from a certificate list command.

certificate delete keystore
    Available Parameters: none
    Explanation: Deletes all client certificates from the keystore.

certificate delete truststore
    Available Parameters: none
    Explanation: Deletes all server certificates from the trust store.

Command Usage Examples

Adding an IDENTIKEY Server and SSL Certificate

The following command will add an IDENTIKEY Server and add the IDENTIKEY Server's certificate to the truststore:

    java -jar admintool.jar autoadd <name> <url>

where <name> is the display name of the IDENTIKEY Server and <url> is the address and port number of the IDENTIKEY Server.

Example

    java -jar admintool.jar autoadd IKServer1

will create a new IDENTIKEY Server record which will be displayed in the Web Administration application using the name IKServer1 and will connect to the IDENTIKEY SOAP communicator using http using SSL - at address and port It will add the IDENTIKEY Server's SSL certificate to the default trust store.

Note: Protocol strings must be provided (http or https for SSL connections).

Server creation can be verified by running the following command:

    java -jar admintool.jar server list

which will display the current list of IDENTIKEY Servers.

Note: The server name and url must both be unique. Attempting to add another server with a different name and the same url will fail. Adding a server with the same name and different url will overwrite the existing entry for the IDENTIKEY Server of that name.

Adding an IDENTIKEY Server

The following command will add an IDENTIKEY Server only, without adding a certificate to the trust store:

    java -jar admintool.jar server add <name> <url>

where <name> is the display name of the IDENTIKEY Server and <url> is the address and port number of the IDENTIKEY Server.

Example

    java -jar admintool.jar server add IKServer1

will create a new IDENTIKEY Server record which will be displayed in the Web Administration application using the name IKServer1 and will connect to the IDENTIKEY SOAP communicator using http at address and port

Using a Server Certificate for an IDENTIKEY Server

The certificate authority for the IDENTIKEY Server's certificate must be added to the Administration Web Interface's trust store. In the case of a self-signed certificate, this will be the self-signed certificate itself. The self-signed certificate created by the IDENTIKEY Server Configuration Wizard is created with the filename ikeycerts.pem and located in:

    Windows - <install dir>\bin

To add a certificate authority to the Administration Web Interface's trust store, run the following command:

    java -jar admintool.jar certificate add <certificate file>

where <certificate file> is the file path and name of the SSL certificate to add to the trust store.

Example

    java -jar admintool.jar certificate add "c:\program files\vasco\identikey 3.2\bin\ikeycerts.pem"

will add the ikeycerts.pem certificate to the default trust store.

Note: Ensure that the connection url to the server added using admintool is updated to use https.

Using a Client Certificate for the Administration Web Interface

The following command will install an SSL client certificate for the Administration Web Interface. This is used to authenticate the Administration Web Interface to the IDENTIKEY Server when it attempts a connection.

    java -jar admintool.jar certificate add <certificate file> <private key file> <keystore password>

where <certificate file> is the location and file name for the client certificate file and <private key file> is the location and file name of the private key file for the client certificate file.

Example

    java -jar admintool.jar certificate add "c:\program files\identikey 3.2\bin\clientcert.pem" "c:\program files\identikey 3.2\bin\clientkey.der" password01

will configure the Administration Web Interface to use the supplied client certificate.
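The certificate add note in Table 1 requires a base64-encoded client certificate and an unencrypted PKCS#8 private key in DER encoding. The following added example (not part of the VASCO guide or of admintool) checks both files against that format before the command is run; the function names and the constructed sample byte strings are assumptions of this example.

```python
"""Pre-flight check of client certificate and key files before `certificate add`."""
import base64

CERT_BEGIN = b"-----BEGIN CERTIFICATE-----"
CERT_END = b"-----END CERTIFICATE-----"


def read_tlv(buf, pos):
    """Parse one DER tag-length-value at pos; return (tag, value_start, value_end)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short form: length fits in one byte
        length = first
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER length runs past end of data")
    return tag, pos, pos + length


def classify_private_key(data):
    """Name the container format of a private key file from its outer structure."""
    if data.lstrip().startswith(b"-----BEGIN"):
        return "pem"                      # base64 text armour, not DER
    try:
        tag, start, end = read_tlv(data, 0)
        if tag != 0x30 or end != len(data):
            return "malformed"
        t1, s1, e1 = read_tlv(data, start)
        t2, _, e2 = read_tlv(data, e1)
        if t1 == 0x02 and t2 == 0x30 and data[s1:e1] in (b"\x00", b"\x01"):
            # PrivateKeyInfo: version, AlgorithmIdentifier, OCTET STRING
            t3, _, _ = read_tlv(data, e2)
            return "pkcs8-der" if t3 == 0x04 else "unknown-der"
        if t1 == 0x30 and t2 == 0x04:
            # EncryptedPrivateKeyInfo: AlgorithmIdentifier, OCTET STRING
            return "encrypted-pkcs8-der"
        if t1 == 0x02 and t2 == 0x02:
            return "pkcs1-der"            # RSAPrivateKey: version, modulus, ...
        return "unknown-der"
    except ValueError:
        return "malformed"


def certificate_is_base64_pem(data):
    """True if data is one PEM certificate whose body decodes to a DER SEQUENCE."""
    text = data.strip()
    if not (text.startswith(CERT_BEGIN) and text.endswith(CERT_END)):
        return False
    body = text[len(CERT_BEGIN):-len(CERT_END)]
    try:
        der = base64.b64decode(b"".join(body.split()), validate=True)
        tag, _, end = read_tlv(der, 0)
    except ValueError:                    # also covers binascii.Error
        return False
    return tag == 0x30 and end == len(der)


def preflight(cert_bytes, key_bytes):
    """Return a list of problems; an empty list means both files match the note."""
    problems = []
    if not certificate_is_base64_pem(cert_bytes):
        problems.append("certificate is not a single base64 (PEM) certificate")
    kind = classify_private_key(key_bytes)
    if kind != "pkcs8-der":
        problems.append("private key is %s, expected unencrypted PKCS#8 DER" % kind)
    return problems


def tlv(tag, value):
    """Encode one DER TLV (helper used only to build the constructed samples)."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + value


def pem_wrap(label, der):
    return b"-----BEGIN " + label + b"-----\n" + base64.encodebytes(der) + b"-----END " + label + b"-----\n"


# Constructed samples: correct outer structure only, no real key or certificate material.
RSA_ALG = tlv(0x30, bytes.fromhex("06092a864886f70d010101") + b"\x05\x00")
PBES2_ALG = tlv(0x30, bytes.fromhex("06092a864886f70d01050d") + tlv(0x30, b""))
SAMPLE_PKCS8 = tlv(0x30, tlv(0x02, b"\x00") + RSA_ALG + tlv(0x04, b"\x00" * 200))
SAMPLE_ENCRYPTED = tlv(0x30, PBES2_ALG + tlv(0x04, b"\x11" * 64))
SAMPLE_PKCS1 = tlv(0x30, tlv(0x02, b"\x00") + tlv(0x02, b"\x00\xc3" + b"\x01" * 63))
SAMPLE_CERT_DER = tlv(0x30, b"\x00" * 40)
SAMPLE_CERT_PEM = pem_wrap(b"CERTIFICATE", SAMPLE_CERT_DER)

if __name__ == "__main__":
    import sys
    if len(sys.argv) == 3:                # <certificate file> <private key file>
        with open(sys.argv[1], "rb") as c, open(sys.argv[2], "rb") as k:
            issues = preflight(c.read(), k.read())
    else:
        issues = preflight(SAMPLE_CERT_PEM, SAMPLE_ENCRYPTED)
    print("\n".join(issues) or "inputs match the documented format")
```

The check looks only at the outer container, so it catches the common mismatches (PEM key, encrypted PKCS#8, PKCS#1 key, DER certificate) without validating the key or certificate contents.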

10 Post-Installation Tasks

10.1 Licensing

Each IDENTIKEY Server will require a license key to be loaded into its Server record even if you are using an evaluation license. If this is not completed during the install process, it will need to be done before the IDENTIKEY Server can be used for authentication, signature validation or provisioning. Refer to the Licensing section of the Administration Reference for instructions.

Evaluation Serial Number

If you do not obtain a license key file during installation of the IDENTIKEY Server, but wish to use an evaluation license, you will need to use this serial number on the VASCO licensing site: 2FC4FF0E1E

Backup Strategy

Consider a backup strategy to be put in place for files which will require backing up. For more information, see the Backup and Recovery section of the Administrator Reference.

Audit Settings

Configure how and when the IDENTIKEY Server will record audit messages.

Text File

If auditing to a text file, you will need to decide how often a new text file should be created. By default, a new text file is created monthly. To change this frequency, modify the variables used in the file name. For example, if the IDENTIKEY Server is configured to write to a text file set to IdentikeyServer-{year}-{month}.audit, a new text file will be created monthly. If the text file name is set to IdentikeyServer-{year}-{month}-{mday}.audit, a new text file will be created daily. For more information, see the Auditing section of the Administrator Reference.

Event Log

If auditing primarily to the Windows Event Log, ensure that the Event Log is configured to not overwrite old entries automatically. This is the default setting. To check:

1. Open the Event Log.
2. Right-click on the specific log to which the IDENTIKEY Server will be auditing.

3. Select Properties.
4. Select Do not overwrite events (clear log manually) from the When maximum log size is reached option button group.
5. Click on OK.

Database Tasks

Embedded Database: dppostgres account

When IDENTIKEY Server is installed with the embedded database, a local machine account called dppostgres is created on the installation machine. If installed on a domain controller, this account will be a domain account which has privileges to log on as a service and locally. The privileges to log on locally may be removed manually.

Note: The dppostgres account is not automatically deleted upon uninstallation of IDENTIKEY Server.

Changing the dppostgres account password

If the password for the dppostgres account is modified, it must also be changed for the PostgreSQL Database Server 8.3 service running on the machine. To do this:

1. Open the Computer Management console (right-click on My Computer and select Manage).
2. Expand the Services and Applications node, and click on Services.
3. Scroll down the Services list to PostgreSQL Database Server 8.3. Double-click on the entry.
4. Click on the Log On tab.
5. Enter the new password in the Password and Confirm Password fields.
6. Click on Apply.

Note: If the dppostgres account password is changed, it should be changed back to the default before uninstalling and reinstalling IDENTIKEY Server. If not, the new installation will fail.

Configure Connection Parameters

You may wish to increase the number of connections attempted to the database if:

- The load on the database will be high, and
- Changes to the connection settings will be efficient with the database and database driver in question.

Setting an idle timeout will allow connections which are no longer required to be closed as soon as possible, which may lower the load on the database server. See the Administrator Reference for more information.

Additional Databases

If additional databases are required for backup, failover or load-balancing purposes, configure the IDENTIKEY Server to use them now. See the Additional ODBC Databases topic in the Product Guide and the Database Connection Handling topic in the Administrator Reference for more information.

Permissions for Windows Group Check

If you plan to use the Windows Group Check feature, additional permissions need to be set up. Add LocalSystem (SYSTEM) to either the Administrators or the Account Operators Windows group on the server to allow the IDENTIKEY Server to run a group check:

1. Go to the desktop and right-click on My Computer.
2. Click on Manage.
3. Expand the Local Users and Groups node.
4. Click on Groups.
5. Right-click on Administrators or Account Operators.
6. Click on Add to Group.
7. Click on Add.
8. Click on Locations.
9. Select the local machine and click on OK.
10. Enter SYSTEM in the object name memo.
11. Click on OK.

Image 106: IDENTIKEY Server Administrator properties

A new entry will be added to the Members list.

Set Up User Self Management and OTP Request Websites

To set up the User Self Management and OTP Request Websites you need to deploy the web pages to a web server such as IIS and configure the CGI used by the web site with the location of the IDENTIKEY Server. The web sites consist of HTML pages with JavaScript, CSS and image files and the CGI. Therefore they can be deployed in a wide variety of web servers. The CGI needs to be located in a directory where it can be executed.

For Windows 2003 you are able to automatically deploy the VASCO Self Management websites to the IIS websites during installation. This creates a new web site directory for the VASCO Self-Management Web Sites in the IIS Manager, under which the User Self Management website (dpselfservice) and the OTP Request website (requestotp) are deployed. These web sites should be manually started by right-clicking on the VASCO Self-Management Web Sites and selecting 'Start'.

Alternatively, you may install the User Self Management and OTP Request Websites manually using the following instructions:

1. Open the IIS Window. Ensure that the 'IIS Backwards Compatibility with IIS6' feature is installed and enabled.
2. Go to websites\default web site.

3. Create a virtual directory (right click on default VASCO web site, create virtual directory) for the web site you are installing. A wizard will appear:
   a. Enter the virtual directory name.
   b. Browse to where the websites have been installed, usually Program Files\VASCO\Identikey Server 3.1\websites
   c. Check execute.
   d. Click Finish.
4. Highlight the virtual directory and right click. Select Properties. Check read on the Virtual Directory tab.
5. Run the Configuration GUI for the web site you are setting up. One is installed for each web site. They are usually under Program Files\VASCO\Identikey Server 3.1\web site name.

When the virtual directory is opened in a browser the following page should be displayed:

Image 107: IDENTIKEY Server Self Management Website home page

10.6 Increase Tomcat Memory Allocation (64-bit Only)

If you are intending to import a large number of Users on a 64-bit machine, we recommend that you use the DIGIPASS TCL Command Line Administration facility to perform the import. See the IDENTIKEY Server Administrator Reference for more details about the TCL.

However, if you cannot use the DIGIPASS TCL Command Line Administration facility, you will have to increase Tomcat's memory allocation. To do this you need to:

1. Open Service Manager.
2. Locate and stop the Apache Tomcat service.
3. Open the Tomcat Monitor located in Start -> Programs -> VASCO -> Identikey Server -> Tomcat Monitor
4. Select the Java tab
5. Enter minimum value (eg 256) into the Initial memory pool field
6. Enter maximum value (eg 512) into the Maximum memory pool field
7. Click OK

You will also have to extend Tomcat's timeout limit.

1. Navigate to the C:\Program Files\VASCO\Identikey 3.2\tomcat\Tomcat 6.0\conf directory.
2. Edit the web.xml file
3. Find the session-timeout tag:

    <session-timeout>30</session-timeout>

   The value 30 in the above example is 30 minutes.
4. Edit it to increase the timeout value to at least
5. Save and close the file
6. Start the Apache Tomcat service

11 Install Additional IDENTIKEY Server

The process for installing additional IDENTIKEY Servers is as follows:

1. Install and configure the IDENTIKEY Server as a stand-alone server.
2. Test that it is working satisfactorily as a stand-alone server.
3. Set up IDENTIKEY Server Replication, if required, with one of the existing IDENTIKEY Servers. This process uses a database from an existing IDENTIKEY Server to overwrite the new IDENTIKEY Server's database. This is not required where Active Directory is used as the data store.
4. See the IDENTIKEY Server Advanced Configuration section of the Administrator Reference for more information on setting up additional IDENTIKEY Servers.

Install IDENTIKEY Server Component

See 4 Start IDENTIKEY Server Installation for instructions on installing the IDENTIKEY Server on a machine.

Configure Additional IDENTIKEY Servers

Follow the same process as in the Configure IDENTIKEY Server section in this manual. However, these settings will be overwritten when replication is set up:

- Master Domain
- User ID/Domain name conversion

You will need to request a License Key for each additional IDENTIKEY Server.

Replication

Replication may be required between IDENTIKEY Servers. See the Replication section of the Administration Reference for instructions on setting up replication.

12 Add Components to Installation

To add components to an existing installation:

1. Go to Control Panel > Add/Remove programs.
2. Highlight IDENTIKEY Server. Click on Change. The welcome window will be displayed. Click Next and click the Change button.
3. Select the components you want to add to the installation and click on Next.
4. Click Change again to begin the installation. The Installation Progress dialog will be displayed, showing the progress of your installation.
5. Click Finish when this process is complete.

13 Upgrade IDENTIKEY Server

If you already have an installation of IDENTIKEY Server, you can upgrade to a new version.

Note: Licenses for IDENTIKEY Server 3.1 will be valid for IDENTIKEY Server 3.2, therefore you can upgrade from IDENTIKEY Server 3.1 to IDENTIKEY Server 3.2 without loading a new license key.

Caution: Please back up your data store and configuration file before starting the upgrade process. If you have multiple IDENTIKEY Servers running in a production environment, see the How To Upgrade Multiple IDENTIKEY Servers topic in the Administrator Reference before proceeding.

Upgrade Paths

32-bit and 64-bit Windows

For 32-bit and 64-bit Windows you can upgrade directly from IDENTIKEY Server 3.1.0, IDENTIKEY Server 3.1 SR1, and IDENTIKEY Server 3.1 SR2 to the latest version.

Schema changes will be required. Ensure that appropriate planning and precautions have taken place before upgrading. In particular, ensure that you have:

- permission to perform a schema change
- backed up the datastore and configuration file

Caution: Do not attempt to swap IDENTIKEY Server to a new data store during the automated upgrade procedure. If you wish to use a new data store with IDENTIKEY Server 3.2, see the Data Migration Guide for complete instructions.

System Requirements

The system requirements for upgrading to the latest IDENTIKEY Server are defined in 1.2 System Requirements.

13.3 Upgrade IDENTIKEY Server for 32-bit and 64-bit Windows

1. If autorun is enabled on the installation machine the installer will start up when the CD is inserted. If it does not start automatically then double click on autorun.exe.
2. Click on Install IDENTIKEY Server 3.2. The initial Setup window will be displayed.
   Image 108: IDENTIKEY Server Installation Welcome Window
3. Click Next to continue. The Data Storage window will be displayed.

   Image 109: IDENTIKEY Server Data Storage Window
   Select the data storage type used for the current IDENTIKEY Server installation.
4. Click Next to continue. The Identikey Server 3.2 Upgrade window will be displayed.

   Image 110: IDENTIKEY Server 3.2 Upgrade Window
5. Click Upgrade Identikey Server 3.2 to continue. The Welcome window will be displayed.

   Image 111: IDENTIKEY Server 3.2 Upgrade Window
6. Click Next. The License Agreement screen will be displayed.

   Image 112: IDENTIKEY Server Installation License Agreement Window
7. Read the agreement carefully.
8. To accept the License Agreement, tick the I accept the terms in the License Agreement checkbox and click Next. If you do not accept the License Agreement, and click Cancel, the install process will terminate. The Custom Setup window will be displayed.

   Image 113: IDENTIKEY Server Installation Custom Setup window
9. Select the features that you want to be installed by clicking on the icons on the window. Click the Reset button to reset all your choices. It is recommended that the upgrade directory selected be different to the directory used for the previous IDENTIKEY Server installation.
10. Click Next to continue. The Ready to Install IDENTIKEY Server window will be displayed.

   Image 114: IDENTIKEY Server Installation Ready to Install window
11. Click on Install. The progress of the installation will be displayed. You may be prompted to allow the installer to stop Identikey Server and/or MDC services.
12. Click on Finish. The Identikey Server 3.2 Upgrade window will be displayed.

   Image 115: IDENTIKEY Server 3.2 Upgrade Window

   If the Administration Web Interface is being upgraded, you have the opportunity to update an existing, older Tomcat installation to Tomcat 6.0. If the Tomcat upgrade is not completed at this step, the Administration Web Interface will not be automatically deployed by the Configuration Wizard.

   Note: Administering IDENTIKEY Server 3.2 must be performed via the Administration Web Interface in this release. Do not attempt to connect to IDENTIKEY Server 3.2 using an older Administration Web Interface.

   To deploy the Administration Web Interface later, upgrade to Tomcat 6.0 then run the Configuration Wizard in Maintenance mode. Select Deploy Web Administration from the Wizard options.

13. To upgrade Tomcat:
   a. Click on Upgrade Tomcat 6.0. An alert will be displayed, asking if you wish to uninstall the previous version of Tomcat.
   b. Click on Yes. A Windows warning window may be displayed. Click on Yes.

   The progress of the installation will be displayed. When the Tomcat upgrade is finished, the Identikey Server 3.2 Upgrade window will be displayed.
   Image 116: IDENTIKEY Server 3.2 Upgrade Window
14. Click on Run Configuration Wizard. The Configuration Wizard's Start page will be displayed.

   Image 117: IDENTIKEY Server Configuration Wizard - Start Page
15. Click on Next. If required, the Update Schema page will be displayed.

   Image 118: IDENTIKEY Server Configuration Wizard - Update Schema Page
16. Click Next to update the data store schema. If IDENTIKEY Server uses Active Directory as its data store, you may be prompted to wait for schema changes to be replicated. When this has occurred, click Next. The License page may be displayed.

   Image 119: IDENTIKEY Server Configuration Wizard - License Page

   Note: The Request a Licence from 'vasco.com' button will not be available for Windows 2008 Core, as there is no browser available to load the web site. To obtain a licence from vasco.com for Windows 2008 Core you will have to download the licence on another machine and copy it across to the Windows 2008 Core machine.

17. If you have an existing IDENTIKEY Server 3.1 license, and you do not wish to add new functionality, click Next to use the current license in IDENTIKEY Server 3.2.
   If you need a new license, you must first have downloaded it from the VASCO website. If you have not done that you can do it now by going to the web site specified, or by clicking the Request a License Key button. You can also copy the URL to the clipboard if you wish to download the license manually, by clicking Copy URL to Clipboard.
   a. If you have a valid IDENTIKEY Server 3.2 license key file for this machine, load it by navigating to the file using the ... button. Click Next to continue. The Server Functionality page will be displayed.

   Image 120: IDENTIKEY Server Configuration Wizard - Server Functionality Page
   b. Select or deselect the functionality you wish enabled for this IDENTIKEY Server and click on Next. If Windows Logon is enabled in Server Functionality, the Server Location page will be displayed.

   Image 121: IDENTIKEY Server Configuration Wizard - Server Location Page
18. If this IDENTIKEY Server will be used with DIGIPASS Authentication for Windows Logon clients and Automatic Server Discovery, you will need to configure DNS registration for the IDENTIKEY Server.
   To skip automatic DNS registration now, select No DNS Service registration.
   To use DNS service registration with a DNS server supporting Dynamic DNS:
   a. Select the DNS service registration with a DNS server supporting Dynamic DNS option.
   b. Enter the name of the DNS domain.
   c. Enter the host name of the IDENTIKEY Server machine.
   d. Select the priority for connections to the IDENTIKEY Server - Primary server or Backup server.
   To use DNS service registration with a DNS server supporting TSIG authentication:
   a. Select the DNS service registration with a DNS server supporting Dynamic DNS with TSIG authentication option.
   b. Enter the name of the DNS domain.
   c. Enter the Fully Qualified Domain Name of the Target Host machine.
   d. Select the priority for connections to the IDENTIKEY Server - Primary server or Backup server.
   e. Enter the full path and filename for the shared key file.
19. Click on Test Settings to test that the DNS server settings are correct.

   The Configuration Wizard will test the connection and list the result on-screen.
20. Click Next to continue. The RADIUS SSL Server Certificate window will be displayed.
   Image 122: IDENTIKEY Server Configuration Wizard - RADIUS SSL Server Certificate Page
21. To use the existing SSL certificate used by the previous IDENTIKEY Server version:
   a. Select Use the IDENTIKEY SSL Server certificate.
   b. Click Next.
   To generate a self-signed certificate - typically used for test or evaluation purposes:
   a. Select Generate and install a new test certificate (self-signed)
   b. Click Next. The RADIUS SSL Server Certificate Details window will be displayed.
   c. Enter a Private key password for the new certificate. Confirm the password.
   d. Select the signature algorithm from the available algorithms in the drop-down box. See 15 SSL Server Certificate Encryption Algorithms for information about the selections for the Signature Algorithm.
   e. Click Next.
   To use a new commercial SSL certificate:
   a. Select Install my own certificate.

   b. Click Next. The RADIUS SSL Server Certificate Selection window will be displayed.
   c. Navigate to an SSL private key file. This file should contain only the private key, in PEM format.
   d. Enter the private key password.
   e. Navigate to the server certificate file.
   f. Navigate to an intermediate certificate bundle, in PEM format. Only use this field if your certificate requires an intermediate bundle.
   g. Click Next. The Confirmation page will be displayed.
   Image 123: IDENTIKEY Server Configuration Wizard - Confirmation Page
22. Check the settings supplied. Click Previous to modify a setting. Click Next if all settings are correct. The Summary page will be displayed.


More information

IDENTIKEY Server Administrator Reference 3.1

IDENTIKEY Server Administrator Reference 3.1 IDENTIKEY Server Administrator Reference 3.1 Disclaimer of Warranties and Limitations of Liabilities The Product is provided on an 'as is' basis, without any other warranties, or conditions, express or

More information

Digipass Plug-In for IAS. IAS Plug-In IAS. Microsoft's Internet Authentication Service. Getting Started

Digipass Plug-In for IAS. IAS Plug-In IAS. Microsoft's Internet Authentication Service. Getting Started Digipass Plug-In for IAS IAS Plug-In IAS Microsoft's Internet Authentication Service Getting Started Disclaimer of Warranties and Limitations of Liabilities Disclaimer of Warranties and Limitations of

More information

Identikey Server Administrator Reference 3.1

Identikey Server Administrator Reference 3.1 Identikey Server Administrator Reference 3.1 Disclaimer of Warranties and Limitations of Liabilities Disclaimer of Warranties and Limitations of Liabilities The Product is provided on an 'as is' basis,

More information

Identikey Server Performance and Deployment Guide 3.1

Identikey Server Performance and Deployment Guide 3.1 Identikey Server Performance and Deployment Guide 3.1 Disclaimer of Warranties and Limitations of Liabilities Disclaimer of Warranties and Limitations of Liabilities The Product is provided on an 'as is'

More information

DIGIPASS CertiID. Getting Started 3.1.0

DIGIPASS CertiID. Getting Started 3.1.0 DIGIPASS CertiID Getting Started 3.1.0 Disclaimer Disclaimer of Warranties and Limitations of Liabilities The Product is provided on an 'as is' basis, without any other warranties, or conditions, express

More information

IDENTIKEY Server Product Guide 3.0 3.1

IDENTIKEY Server Product Guide 3.0 3.1 IDENTIKEY Server Product Guide 3.0 3.1 Disclaimer of Warranties and Limitations of Liabilities Disclaimer of Warranties and Limitations of Liabilities The Product is provided on an 'as is' basis, without

More information

Identikey Server Product Guide 3.0 3.1

Identikey Server Product Guide 3.0 3.1 Identikey Server Product Guide 3.0 3.1 Disclaimer of Warranties and Limitations of Liabilities Disclaimer of Warranties and Limitations of Liabilities The Product is provided on an 'as is' basis, without

More information

IDENTIKEY Appliance Administrator Guide 3.3.5.0 3.6.8

IDENTIKEY Appliance Administrator Guide 3.3.5.0 3.6.8 IDENTIKEY Appliance Administrator Guide 3.3.5.0 3.6.8 Disclaimer of Warranties and Limitations of Liabilities Legal Notices Copyright 2008 2015 VASCO Data Security, Inc., VASCO Data Security International

More information

DIGIPASS Authentication for Citrix Access Gateway VPN Connections

DIGIPASS Authentication for Citrix Access Gateway VPN Connections DIGIPASS Authentication for Citrix Access Gateway VPN Connections With VASCO Digipass Pack for Citrix 2006 VASCO Data Security. All rights reserved. Page 1 of 31 Integration Guideline Disclaimer Disclaimer

More information

Check Point FDE integration with Digipass Key devices

Check Point FDE integration with Digipass Key devices INTEGRATION GUIDE Check Point FDE integration with Digipass Key devices 1 VASCO Data Security Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document

More information

DIGIPASS KEY series and smart card series for Juniper SSL VPN Authentication

DIGIPASS KEY series and smart card series for Juniper SSL VPN Authentication DIGIPASS KEY series and smart card series for Juniper SSL VPN Authentication Certificate Based 2010 Integration VASCO Data Security. Guideline All rights reserved. Page 1 of 31 Disclaimer Disclaimer of

More information

DIGIPASS Authentication for GajShield GS Series

DIGIPASS Authentication for GajShield GS Series DIGIPASS Authentication for GajShield GS Series With Vasco VACMAN Middleware 3.0 2008 VASCO Data Security. All rights reserved. Page 1 of 1 Integration Guideline Disclaimer Disclaimer of Warranties and

More information

Release Notes. Identikey Server Release Notes 3.1

Release Notes. Identikey Server Release Notes 3.1 Release Notes Identikey Server Release Notes 3.1 Disclaimer of Warranties and Limitations of Liabilities Disclaimer of Warranties and Limitations of Liabilities The Product is provided on an 'as is' basis,

More information

DIGIPASS Authentication for Sonicwall Aventail SSL VPN

DIGIPASS Authentication for Sonicwall Aventail SSL VPN DIGIPASS Authentication for Sonicwall Aventail SSL VPN With VASCO IDENTIKEY Server 3.0 Integration Guideline 2009 Vasco Data Security. All rights reserved. PAGE 1 OF 52 Disclaimer Disclaimer of Warranties

More information

Dell Statistica 13.0. Statistica Enterprise Installation Instructions

Dell Statistica 13.0. Statistica Enterprise Installation Instructions Dell Statistica 13.0 2015 Dell Inc. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described in this guide is furnished under a software license or

More information

INTEGRATION GUIDE. DIGIPASS Authentication for Office 365 using IDENTIKEY Authentication Server with Basic Web Filter

INTEGRATION GUIDE. DIGIPASS Authentication for Office 365 using IDENTIKEY Authentication Server with Basic Web Filter INTEGRATION GUIDE DIGIPASS Authentication for Office 365 using IDENTIKEY Authentication Server with Basic Web Filter Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained

More information

SafeGuard Enterprise Web Helpdesk

SafeGuard Enterprise Web Helpdesk SafeGuard Enterprise Web Helpdesk Product version: 5.60 Document date: April 2011 Contents 1 SafeGuard web-based Challenge/Response...3 2 Installation...5 3 Authentication...8 4 Select the Web Help Desk

More information

Preparing Your Server for an MDsuite Installation

Preparing Your Server for an MDsuite Installation Preparing Your Server for an MDsuite Installation Introduction This document is intended for those clients who have purchased the MDsuite Application Server software and will be scheduled for an MDsuite

More information

DameWare Server. Administrator Guide

DameWare Server. Administrator Guide DameWare Server Administrator Guide About DameWare Contact Information Team Contact Information Sales 1.866.270.1449 General Support Technical Support Customer Service User Forums http://www.dameware.com/customers.aspx

More information

DIGIPASS Authentication for Citrix XenDesktop Web Interface

DIGIPASS Authentication for Citrix XenDesktop Web Interface DIGIPASS Authentication for Citrix XenDesktop Web Interface With VASCO DIGIPASS Pack for Citrix 2008 VASCO Data Security. All rights reserved. Page 1 of 44 Integration Guideline Disclaimer Disclaimer of

More information

Installation Guide for Pulse on Windows Server 2008R2

Installation Guide for Pulse on Windows Server 2008R2 MadCap Software Installation Guide for Pulse on Windows Server 2008R2 Pulse Copyright 2014 MadCap Software. All rights reserved. Information in this document is subject to change without notice. The software

More information

WhatsUp Gold v16.3 Installation and Configuration Guide

WhatsUp Gold v16.3 Installation and Configuration Guide WhatsUp Gold v16.3 Installation and Configuration Guide Contents Installing and Configuring WhatsUp Gold using WhatsUp Setup Installation Overview... 1 Overview... 1 Security considerations... 2 Standard

More information

SafeGuard Enterprise Web Helpdesk. Product version: 6.1

SafeGuard Enterprise Web Helpdesk. Product version: 6.1 SafeGuard Enterprise Web Helpdesk Product version: 6.1 Document date: February 2014 Contents 1 SafeGuard web-based Challenge/Response...3 2 Scope of Web Helpdesk...4 3 Installation...5 4 Allow Web Helpdesk

More information

Dell One Identity Cloud Access Manager 7.0.2. Installation Guide

Dell One Identity Cloud Access Manager 7.0.2. Installation Guide Dell One Identity Cloud Access Manager 7.0.2 2014 Dell Inc. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described in this guide is furnished under

More information

AIMS Installation and Licensing Guide

AIMS Installation and Licensing Guide AIMS Installation and Licensing Guide Version 9 2603 Camino Ramon Suite 110 San Ramon, CA 94583 Toll Free: 800-609-8610 Direct: 925-217-5170 FAX: 925-217-0853 Email: support@avatier.com Limited Warranty

More information

SafeGuard Enterprise Web Helpdesk. Product version: 6 Document date: February 2012

SafeGuard Enterprise Web Helpdesk. Product version: 6 Document date: February 2012 SafeGuard Enterprise Web Helpdesk Product version: 6 Document date: February 2012 Contents 1 SafeGuard web-based Challenge/Response...3 2 Installation...5 3 Authentication...8 4 Select the Web Helpdesk

More information

WhatsUp Gold v16.2 Installation and Configuration Guide

WhatsUp Gold v16.2 Installation and Configuration Guide WhatsUp Gold v16.2 Installation and Configuration Guide Contents Installing and Configuring Ipswitch WhatsUp Gold v16.2 using WhatsUp Setup Installing WhatsUp Gold using WhatsUp Setup... 1 Security guidelines

More information

System Administration Training Guide. S100 Installation and Site Management

System Administration Training Guide. S100 Installation and Site Management System Administration Training Guide S100 Installation and Site Management Table of contents System Requirements for Acumatica ERP 4.2... 5 Learning Objects:... 5 Web Browser... 5 Server Software... 5

More information

Reconfiguring VMware vsphere Update Manager

Reconfiguring VMware vsphere Update Manager Reconfiguring VMware vsphere Update Manager vsphere Update Manager 6.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a

More information

DIGIPASS Authentication for Microsoft ISA 2006 Single Sign-On for Outlook Web Access

DIGIPASS Authentication for Microsoft ISA 2006 Single Sign-On for Outlook Web Access DIGIPASS Authentication for Microsoft ISA 2006 Single Sign-On for Outlook Web Access With IDENTIKEY Server / Axsguard IDENTIFIER Integration Guidelines Disclaimer Disclaimer of Warranties and Limitations

More information

Dell Statistica Document Management System (SDMS) Installation Instructions

Dell Statistica Document Management System (SDMS) Installation Instructions Dell Statistica Document Management System (SDMS) Installation Instructions 2015 Dell Inc. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described

More information

Portions of this product were created using LEADTOOLS 1991-2009 LEAD Technologies, Inc. ALL RIGHTS RESERVED.

Portions of this product were created using LEADTOOLS 1991-2009 LEAD Technologies, Inc. ALL RIGHTS RESERVED. Installation Guide Lenel OnGuard 2009 Installation Guide, product version 6.3. This guide is item number DOC-110, revision 1.038, May 2009 Copyright 1992-2009 Lenel Systems International, Inc. Information

More information

Symantec LiveUpdate Administrator. Getting Started Guide

Symantec LiveUpdate Administrator. Getting Started Guide Symantec LiveUpdate Administrator Getting Started Guide Symantec LiveUpdate Administrator Getting Started Guide The software described in this book is furnished under a license agreement and may be used

More information

Backup Exec 15. Quick Installation Guide

Backup Exec 15. Quick Installation Guide Backup Exec 15 Quick Installation Guide 21344987 Documentation version: 15 PN: 21344987 Legal Notice Copyright 2015 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, the Checkmark

More information

Installation Guide. Tech Excel January 2009

Installation Guide. Tech Excel January 2009 Installation Guide Tech Excel January 2009 Copyright 1998-2009 TechExcel, Inc. All Rights Reserved. TechExcel, Inc., TechExcel, ServiceWise, AssetWise, FormWise, KnowledgeWise, ProjectPlan, DownloadPlus,

More information

Diamond II v2.3 Service Pack 4 Installation Manual

Diamond II v2.3 Service Pack 4 Installation Manual Diamond II v2.3 Service Pack 4 Installation Manual P/N 460987001B ISS 26APR11 Copyright Disclaimer Trademarks and patents Intended use Software license agreement FCC compliance Certification and compliance

More information

Installation Guide for Pulse on Windows Server 2012

Installation Guide for Pulse on Windows Server 2012 MadCap Software Installation Guide for Pulse on Windows Server 2012 Pulse Copyright 2014 MadCap Software. All rights reserved. Information in this document is subject to change without notice. The software

More information

INTEGRATION GUIDE. DIGIPASS Authentication for Juniper SSL-VPN

INTEGRATION GUIDE. DIGIPASS Authentication for Juniper SSL-VPN INTEGRATION GUIDE DIGIPASS Authentication for Juniper SSL-VPN Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document is provided 'as is'; VASCO Data

More information

Preparing Your Network for an MDsuite Installation

Preparing Your Network for an MDsuite Installation Preparing Your Network for an MDsuite Installation Professional Data Services 1632 East 23 rd Avenue Hutchinson, KS 67502 Toll-free: 800.875.0480 Fax: 858.486.5493 www.mdsuite.com Introduction This document

More information

Universal Management Service 2015

Universal Management Service 2015 Universal Management Service 2015 UMS 2015 Help All rights reserved. No parts of this work may be reproduced in any form or by any means - graphic, electronic, or mechanical, including photocopying, recording,

More information

XenClient Enterprise Synchronizer Installation Guide

XenClient Enterprise Synchronizer Installation Guide XenClient Enterprise Synchronizer Installation Guide Version 5.1.0 March 26, 2014 Table of Contents About this Guide...3 Hardware, Software and Browser Requirements...3 BIOS Settings...4 Adding Hyper-V

More information

NSi Mobile Installation Guide. Version 6.2

NSi Mobile Installation Guide. Version 6.2 NSi Mobile Installation Guide Version 6.2 Revision History Version Date 1.0 October 2, 2012 2.0 September 18, 2013 2 CONTENTS TABLE OF CONTENTS PREFACE... 5 Purpose of this Document... 5 Version Compatibility...

More information

MIGRATION GUIDE. Authentication Server

MIGRATION GUIDE. Authentication Server MIGRATION GUIDE RSA Authentication Manager to IDENTIKEY Authentication Server Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document is provided 'as

More information

SC-T35/SC-T45/SC-T46/SC-T47 ViewSonic Device Manager User Guide

SC-T35/SC-T45/SC-T46/SC-T47 ViewSonic Device Manager User Guide SC-T35/SC-T45/SC-T46/SC-T47 ViewSonic Device Manager User Guide Copyright and Trademark Statements 2014 ViewSonic Computer Corp. All rights reserved. This document contains proprietary information that

More information

axsguard Gatekeeper Open VPN How To v1.4

axsguard Gatekeeper Open VPN How To v1.4 axsguard Gatekeeper Open VPN How To v1.4 Legal Notice VASCO Products VASCO Data Security, Inc. and/or VASCO Data Security International GmbH are referred to in this document as 'VASCO'. VASCO Products

More information

Quick Install Guide. Lumension Endpoint Management and Security Suite 7.1

Quick Install Guide. Lumension Endpoint Management and Security Suite 7.1 Quick Install Guide Lumension Endpoint Management and Security Suite 7.1 Lumension Endpoint Management and Security Suite - 2 - Notices Version Information Lumension Endpoint Management and Security Suite

More information

Installation and Deployment

Installation and Deployment Installation and Deployment Help Documentation This document was auto-created from web content and is subject to change at any time. Copyright (c) 2016 SmarterTools Inc. Installation and Deployment SmarterStats

More information

Quick Start Guide for VMware and Windows 7

Quick Start Guide for VMware and Windows 7 PROPALMS VDI Version 2.1 Quick Start Guide for VMware and Windows 7 Rev. 1.1 Published: JULY-2011 1999-2011 Propalms Ltd. All rights reserved. The information contained in this document represents the

More information

WhatsUp Gold v16.1 Installation and Configuration Guide

WhatsUp Gold v16.1 Installation and Configuration Guide WhatsUp Gold v16.1 Installation and Configuration Guide Contents Installing and Configuring Ipswitch WhatsUp Gold v16.1 using WhatsUp Setup Installing WhatsUp Gold using WhatsUp Setup... 1 Security guidelines

More information

Embarcadero Performance Center 2.7 Installation Guide

Embarcadero Performance Center 2.7 Installation Guide Embarcadero Performance Center 2.7 Installation Guide Copyright 1994-2009 Embarcadero Technologies, Inc. Embarcadero Technologies, Inc. 100 California Street, 12th Floor San Francisco, CA 94111 U.S.A.

More information

INTEGRATION GUIDE. DIGIPASS Authentication for Cisco ASA 5505

INTEGRATION GUIDE. DIGIPASS Authentication for Cisco ASA 5505 INTEGRATION GUIDE DIGIPASS Authentication for Cisco ASA 5505 Disclaimer DIGIPASS Authentication for Cisco ASA5505 Disclaimer of Warranties and Limitation of Liabilities All information contained in this

More information

026-1010 Rev 7 06-OCT-2011. Site Manager Installation Guide

026-1010 Rev 7 06-OCT-2011. Site Manager Installation Guide 026-1010 Rev 7 06-OCT-2011 Site Manager Installation Guide Retail Solutions 3240 Town Point Drive NW, Suite 100 Kennesaw, GA 30144, USA Phone: 770-425-2724 Fax: 770-425-9319 Table of Contents 1 SERVER

More information

Symantec Database Security and Audit 3100 Series Appliance. Getting Started Guide

Symantec Database Security and Audit 3100 Series Appliance. Getting Started Guide Symantec Database Security and Audit 3100 Series Appliance Getting Started Guide Symantec Database Security and Audit 3100 Series Getting Started Guide The software described in this book is furnished

More information

Enterprise Manager. Version 6.2. Installation Guide

Enterprise Manager. Version 6.2. Installation Guide Enterprise Manager Version 6.2 Installation Guide Enterprise Manager 6.2 Installation Guide Document Number 680-028-014 Revision Date Description A August 2012 Initial release to support version 6.2.1

More information

Hyper-V Installation Guide. Version 8.0.0

Hyper-V Installation Guide. Version 8.0.0 Hyper-V Installation Guide Version 8.0.0 Table of Contents 1. Introduction... 1 1.1. About this Document... 1 1.2. Documentation and Training... 1 1.3. About the AXS GUARD... 1 1.3.1. Introduction... 1

More information

SafeGuard Enterprise upgrade guide. Product version: 6.1

SafeGuard Enterprise upgrade guide. Product version: 6.1 SafeGuard Enterprise upgrade guide Product version: 6.1 Document date: February 2014 Contents 1 About this guide...3 2 Check the system requirements...4 3 Download installers...5 4 About upgrading...6

More information

Installing and Configuring vcloud Connector

Installing and Configuring vcloud Connector Installing and Configuring vcloud Connector vcloud Connector 2.7.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new

More information

SafeGuard Enterprise upgrade guide. Product version: 7

SafeGuard Enterprise upgrade guide. Product version: 7 SafeGuard Enterprise upgrade guide Product version: 7 Document date: December 2014 Contents 1 About this guide...3 2 Check the system requirements...4 3 Download installers...5 4 About upgrading...6 4.1

More information

DIGIPASS Authentication for Remote Desktop Web Access User Manual 3.4

DIGIPASS Authentication for Remote Desktop Web Access User Manual 3.4 DIGIPASS Authentication for Remote Desktop Web Access User Manual 3.4 Disclaimer Disclaimer of Warranties and Limitations of Liabilities The Product is provided on an 'as is' basis, without any other warranties,

More information

Interworks. Interworks Cloud Platform Installation Guide

Interworks. Interworks Cloud Platform Installation Guide Interworks Interworks Cloud Platform Installation Guide Published: March, 2014 This document contains information proprietary to Interworks and its receipt or possession does not convey any rights to reproduce,

More information

A dm inistrator Reference

A dm inistrator Reference Digipass Plug-In for IAS IAS Plug-In Digipass Extension for Active Directory Users and Computers Administration MMC Interface IAS Microsoft's Internet Authentication Service SBR Funk Steel-Belted RADIUS

More information

StruxureWare Power Monitoring 7.0.1

StruxureWare Power Monitoring 7.0.1 StruxureWare Power Monitoring 7.0.1 Installation Guide 7EN02-0308-01 07/2012 Contents Safety information 5 Introduction 7 Summary of topics in this guide 7 Supported operating systems and SQL Server editions

More information

User Manual. Onsight Management Suite Version 5.1. Another Innovation by Librestream

User Manual. Onsight Management Suite Version 5.1. Another Innovation by Librestream User Manual Onsight Management Suite Version 5.1 Another Innovation by Librestream Doc #: 400075-06 May 2012 Information in this document is subject to change without notice. Reproduction in any manner

More information

SafeGuard Easy upgrade guide. Product version: 7

SafeGuard Easy upgrade guide. Product version: 7 SafeGuard Easy upgrade guide Product version: 7 Document date: December 2014 Contents 1 About this guide...3 2 Check the system requirements...4 3 Download installers...5 4 About upgrading...6 4.1 Upgrade

More information

LifeSize Control Installation Guide

LifeSize Control Installation Guide LifeSize Control Installation Guide April 2005 Part Number 132-00001-001, Version 1.0 Copyright Notice Copyright 2005 LifeSize Communications. All rights reserved. LifeSize Communications has made every

More information

IGEL Universal Management. Installation Guide

IGEL Universal Management. Installation Guide IGEL Universal Management Installation Guide Important Information Copyright This publication is protected under international copyright laws, with all rights reserved. No part of this manual, including

More information

INTEGRATION GUIDE. DIGIPASS Authentication for Google Apps using IDENTIKEY Federation Server

INTEGRATION GUIDE. DIGIPASS Authentication for Google Apps using IDENTIKEY Federation Server INTEGRATION GUIDE DIGIPASS Authentication for Google Apps using IDENTIKEY Federation Server Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document

More information

HELP DOCUMENTATION E-SSOM INSTALLATION GUIDE

HELP DOCUMENTATION E-SSOM INSTALLATION GUIDE HELP DOCUMENTATION E-SSOM INSTALLATION GUIDE Copyright 1998-2013 Tools4ever B.V. All rights reserved. No part of the contents of this user guide may be reproduced or transmitted in any form or by any means

More information

Sophos Mobile Control Installation guide. Product version: 3.5

Sophos Mobile Control Installation guide. Product version: 3.5 Sophos Mobile Control Installation guide Product version: 3.5 Document date: July 2013 Contents 1 Introduction...3 2 The Sophos Mobile Control server...4 3 Set up Sophos Mobile Control...10 4 External

More information

Tharo Systems, Inc. 2866 Nationwide Parkway P.O. Box 798 Brunswick, OH 44212 USA Tel: 330.273.4408 Fax: 330.225.0099

Tharo Systems, Inc. 2866 Nationwide Parkway P.O. Box 798 Brunswick, OH 44212 USA Tel: 330.273.4408 Fax: 330.225.0099 Introduction EASYLABEL 6 has several new features for saving the history of label formats. This history can include information about when label formats were edited and printed. In order to save this history,

More information

VERITAS Backup Exec TM 10.0 for Windows Servers

VERITAS Backup Exec TM 10.0 for Windows Servers VERITAS Backup Exec TM 10.0 for Windows Servers Quick Installation Guide N134418 July 2004 Disclaimer The information contained in this publication is subject to change without notice. VERITAS Software

More information

Reporting Installation Guide

Reporting Installation Guide Reporting Installation Guide Websense Enterprise Websense Web Security Suite TM v6.3.1 1996 2007, Websense, Inc. All rights reserved. 10240 Sorrento Valley Rd., San Diego, CA 92121, USA Published April

More information

Metalogix SharePoint Backup. Advanced Installation Guide. Publication Date: August 24, 2015

Metalogix SharePoint Backup. Advanced Installation Guide. Publication Date: August 24, 2015 Metalogix SharePoint Backup Publication Date: August 24, 2015 All Rights Reserved. This software is protected by copyright law and international treaties. Unauthorized reproduction or distribution of this

More information

www.novell.com/documentation Server Installation ZENworks Mobile Management 2.7.x August 2013

www.novell.com/documentation Server Installation ZENworks Mobile Management 2.7.x August 2013 www.novell.com/documentation Server Installation ZENworks Mobile Management 2.7.x August 2013 Legal Notices Novell, Inc., makes no representations or warranties with respect to the contents or use of this

More information

INTEGRATION GUIDE. DIGIPASS Authentication for VMware Horizon Workspace

INTEGRATION GUIDE. DIGIPASS Authentication for VMware Horizon Workspace INTEGRATION GUIDE DIGIPASS Authentication for VMware Horizon Workspace Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document is provided 'as is';

More information

formerly Help Desk Authority 9.1.3 Upgrade Guide

formerly Help Desk Authority 9.1.3 Upgrade Guide formerly Help Desk Authority 9.1.3 Upgrade Guide 2 Contacting Quest Software Email: Mail: Web site: info@quest.com Quest Software, Inc. World Headquarters 5 Polaris Way Aliso Viejo, CA 92656 USA www.quest.com

More information

Table of Contents. CHAPTER 1 About This Guide... 9. CHAPTER 2 Introduction... 11. CHAPTER 3 Database Backup and Restoration... 15

Table of Contents. CHAPTER 1 About This Guide... 9. CHAPTER 2 Introduction... 11. CHAPTER 3 Database Backup and Restoration... 15 Table of Contents CHAPTER 1 About This Guide......................... 9 The Installation Guides....................................... 10 CHAPTER 2 Introduction............................ 11 Required

More information

Dell Recovery Manager for Active Directory 8.6. Quick Start Guide

Dell Recovery Manager for Active Directory 8.6. Quick Start Guide Dell Recovery Manager for Active Directory 8.6 2014 Dell Inc. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described in this guide is furnished

More information

Lepide Active Directory Self Service. Installation Guide. Lepide Active Directory Self Service Tool. Lepide Software Private Limited Page 1

Lepide Active Directory Self Service. Installation Guide. Lepide Active Directory Self Service Tool. Lepide Software Private Limited Page 1 Installation Guide Lepide Active Directory Self Service Tool Lepide Software Private Limited Page 1 Lepide Software Private Limited, All Rights Reserved This User Guide and documentation is copyright of

More information

DIGIPASS Authentication for SonicWALL SSL-VPN

DIGIPASS Authentication for SonicWALL SSL-VPN DIGIPASS Authentication for SonicWALL SSL-VPN With VACMAN Middleware 3.0 2006 VASCO Data Security. All rights reserved. Page 1 of 53 Integration Guideline Disclaimer Disclaimer of Warranties and Limitations

More information

Portions of this product were created using LEADTOOLS 1991-2010 LEAD Technologies, Inc. ALL RIGHTS RESERVED.

Portions of this product were created using LEADTOOLS 1991-2010 LEAD Technologies, Inc. ALL RIGHTS RESERVED. Installation Guide Lenel OnGuard 2010 Installation Guide, product version 6.4. This guide is item number DOC-110, revision 1.045, May 2010 Copyright 1995-2010 Lenel Systems International, Inc. Information

More information

Installing and Configuring WhatsUp Gold

Installing and Configuring WhatsUp Gold Installing and Configuring WhatsUp Gold This guide provides information about installing and configuring WhatsUp Gold v14.2, including instructions on how to run the WhatsUp web interface through an Internet

More information

Sophos Mobile Control Installation guide. Product version: 3

Sophos Mobile Control Installation guide. Product version: 3 Sophos Mobile Control Installation guide Product version: 3 Document date: January 2013 Contents 1 Introduction...3 2 The Sophos Mobile Control server...4 3 Set up Sophos Mobile Control...16 4 External

More information

axsguard Gatekeeper Internet Redundancy How To v1.2

axsguard Gatekeeper Internet Redundancy How To v1.2 axsguard Gatekeeper Internet Redundancy How To v1.2 axsguard Gatekeeper Internet Redundancy How To v1.2 Legal Notice VASCO Products VASCO data Security, Inc. and/or VASCO data Security International GmbH

More information

Installation Guide ARGUS Symphony 1.6 and Business App Toolkit. 6/13/2014 2014 ARGUS Software, Inc.

Installation Guide ARGUS Symphony 1.6 and Business App Toolkit. 6/13/2014 2014 ARGUS Software, Inc. ARGUS Symphony 1.6 and Business App Toolkit 6/13/2014 2014 ARGUS Software, Inc. Installation Guide for ARGUS Symphony 1.600.0 6/13/2014 Published by: ARGUS Software, Inc. 3050 Post Oak Boulevard Suite

More information

Deploying System Center 2012 R2 Configuration Manager

Deploying System Center 2012 R2 Configuration Manager Deploying System Center 2012 R2 Configuration Manager This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT.

More information

2X Cloud Portal v10.5

2X Cloud Portal v10.5 2X Cloud Portal v10.5 URL: www.2x.com E-mail: info@2x.com Information in this document is subject to change without notice. Companies, names, and data used in examples herein are fictitious unless otherwise

More information

Symantec Backup Exec 2010 R2. Quick Installation Guide

Symantec Backup Exec 2010 R2. Quick Installation Guide Symantec Backup Exec 2010 R2 Quick Installation Guide 20047221 The software described in this book is furnished under a license agreement and may be used only in accordance with the terms of the agreement.

More information

Networking Best Practices Guide. Version 6.5

Networking Best Practices Guide. Version 6.5 Networking Best Practices Guide Version 6.5 Summer 2010 Copyright: 2010, CCH, a Wolters Kluwer business. All rights reserved. Material in this publication may not be reproduced or transmitted in any form

More information

Veritas Cluster Server Database Agent for Microsoft SQL Configuration Guide

Veritas Cluster Server Database Agent for Microsoft SQL Configuration Guide Veritas Cluster Server Database Agent for Microsoft SQL Configuration Guide Windows 2000, Windows Server 2003 5.0 11293743 Veritas Cluster Server Database Agent for Microsoft SQL Configuration Guide Copyright

More information

Version 1.2. 2011 Provance Technologies, Inc. All rights reserved. Provance Technologies Inc. 85 Bellehumeur Gatineau, Quebec CANADA J8T 8B7

Version 1.2. 2011 Provance Technologies, Inc. All rights reserved. Provance Technologies Inc. 85 Bellehumeur Gatineau, Quebec CANADA J8T 8B7 This document is provided for informational purposes only and Provance makes no warranties, either express or implied, in this document. Information in this document, including external references, is

More information