For Internal Use Only

Enterprise Single Sign-On 8.0.3
Additional Dedicated Server Instance
Copyright 1998-2009 Quest Software and/or its Licensors ALL RIGHTS RESERVED. This publication contains proprietary information protected by copyright. The software described in this publication is furnished under a software license or nondisclosure agreement. This software may be used or copied only in accordance with the terms of the applicable agreement. No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical or otherwise without the prior written permission of the publisher. DISCLAIMER The information in this publication is provided in connection with Quest branded products from Evidian. No license, express or implied, by estoppel or otherwise, to any intellectual property right is granted by this publication. EXCEPT AS OTHERWISE SPECIFIED IN THE END USER LICENSE AGREEMENT FOR THIS PRODUCT, EVIDIAN AND QUEST ASSUME NO LIABILITY WHATSOEVER AND DISCLAIM ANY EXPRESS, IMPLIED OR STATUTORY WARRANTY RELATING TO THIS PRODUCT, INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. IN NO EVENT SHALL EVIDIAN OR QUEST BE LIABLE FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE, SPECIAL OR INCIDENTAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION OR LOSS OF INFORMATION) ARISING OUT OF THE USE OR INABILITY TO USE THIS PUBLICATION, EVEN IF EVIDIAN OR QUEST HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Evidian and Quest make no representations or warranties with respect to the accuracy or completeness of the contents of this publication and reserve the right to make changes to specifications and product descriptions at any time without notice. Evidian and Quest do not make any commitment to update the information contained in this publication. The information and specifications in this publication are subject to change without notice. 
Trademarks

Quest, Quest Software, the Quest Software logo, Aelita, AppAssure, Benchmark Factory, Big Brother, DataFactory, DeployDirector, ERDisk, Foglight, Funnel Web, I/Watch, Imceda, InLook, IntelliProfile, InTrust, IT Dad, I/Watch, JClass, Jint, JProbe, LeccoTech, LiteSpeed, LiveReorg, NBSpool, NetBase, Npulse, PerformaSure, PL/Vision, Quest Central, RAPS, SharePlex, Sitraka, SmartAlarm, Spotlight, SQL LiteSpeed, SQL Navigator, SQL Watch, SQLab, Stat, Stat!, StealthCollect, Tag and Follow, Toad, T.O.A.D., Toad World, Vintela, Virtual DBA, Xaffire, and XRT are trademarks and registered trademarks of Quest Software, Inc in the United States of America and other countries. The terms Evidian, AccessMaster, SafeKit, OpenMaster, SSOWatch, WiseGuard, Enatel and CertiPass are trademarks registered by Evidian. All other trademarks mentioned in this document are the property of their respective owners.

World Headquarters, 5 Polaris Way, Aliso Viejo, CA 92656
Website: www.quest.com
Please refer to our website for regional and international office information.

Quest Enterprise SSO
Updated January 2010
Software version 8.0.3
CONTENTS

1. About This Guide
   1.1 Introduction
   1.2 Conventions
2. Prerequisites
3. Installation procedure
   3.1 Directory installation
      3.1.1 Windows XP Professional Edition / Windows 2003 Server
      3.1.2 Windows 2003 Server R2
      3.1.3 Windows 2008 Server / Windows 2008 Server R2
   3.2 Dedicated directory instance setup
      3.2.1 Windows XP Professional Edition / Windows 2003 Server / Windows 2003 Server R2
      3.2.2 Windows Server 2008 / Windows Server 2008 R2
4. E-SSO configuration
About Quest Software, Inc.
   Contacting Quest Software
   Contacting Quest Support
1. About This Guide

1.1 Introduction

This document describes how to install a replicated directory for E-SSO. This installation is recommended for high availability. You can install as many replicated directories as needed, and any one of them can be safely uninstalled.

1.2 Conventions

In order to help you get the most out of this guide, we have used specific formatting conventions. These conventions apply to procedures, icons, keystrokes and cross-references.

ELEMENT: CONVENTION
Select: This word refers to actions such as choosing or highlighting various interface elements, such as files and radio buttons.
Bolded text: Interface elements that appear in Quest products, such as menus and commands.
Italic text: Used for comments.
Bold Italic text: Introduces a series of procedures.
Blue text: Indicates a cross-reference. When viewed in Adobe Acrobat, this format can be used as a hyperlink.
(icon): Used to highlight additional information pertinent to the process being described.
(icon): Used to provide Best Practice information. A best practice details the recommended course of action for the best result.
(icon): Used to highlight processes that should be performed with care.
+: A plus sign between two keystrokes means that you must press them at the same time.
|: A pipe sign between elements means that you must select the elements in that particular sequence.
2. Prerequisites

An E-SSO Controller must already be installed.

The additional server must be a member of the Active Directory on which E-SSO is configured.

Supported operating systems are:
- Windows 2008 Server / Windows 2008 Server R2
- Windows 2003 Server R2
- Windows 2003 Server
- Windows XP Professional Edition (for testing purposes only)

This server must not be an Active Directory domain controller.
3. Installation procedure

You must first install the directory software, then set up a new directory instance. Depending on the operating system, the installation procedure will differ.

3.1 Directory installation

This will enable dedicated directory software components on the server.

3.1.1 Windows XP Professional Edition / Windows 2003 Server

The replicated directory installer is available from the installer (start.hta file).

3.1.2 Windows 2003 Server R2

You must install the ADAM Windows component, shipped with the operating system.

1. Log on as a local administrator, click Start, point to Control Panel, and then click Add or Remove Programs.
2. Click Add/Remove Windows Components.
3. Select the check box next to Active Directory Services, and then click Details.
4. Select the check box next to Active Directory Application Mode (ADAM), click OK, and then click Next.
5. The message "You have successfully completed the Windows Component Wizard" should appear.
6. Click Finish.

3.1.3 Windows 2008 Server / Windows 2008 Server R2

You must add the Active Directory Lightweight Directory Services role to your server.

1. Click Start, and then click Server Manager.
2. In the console tree, right-click Roles, and then click Add Roles.
3. Review the information on the Before You Begin page of the Add Roles Wizard, and then click Next.
4. On the Select Server Roles page, in the Roles list, select the Active Directory Lightweight Directory Services check box, and then click Next.
5. Finish adding the AD LDS server role by following the instructions in the wizard.
3.2 Dedicated directory instance setup

The replicated directory server must now be set up.

When the E-SSO controller was installed, you chose a domain account to be the technical administrator of the dedicated server. This account is needed twice during the replica setup.

3.2.1 Windows XP Professional Edition / Windows 2003 Server / Windows 2003 Server R2

Click Start, point to All Programs, point to ADAM, and then click Create an ADAM instance.

1. On the Welcome to the Active Directory Application Mode Setup Wizard page, click Next.
2. On the Setup Options page, click A replica of an existing instance (as shown in the following), and then click Next.
3. On the Instance Name page, enter «ESSOServer», and then click Next.
4. On the Ports page, enter 55000 for LDAP and 55001 for SSL, and then click Next.
5. On the Joining a Configuration Set page, enter the Fully Qualified DNS Name of the previously installed E-SSO Controller (you may also click Browse...). For the LDAP port, enter 55000.
6. On the Administrative Credentials for the Configuration Set page, enter the technical administrator account described above, then click Next.
7. On the Copying Application Directory Partitions page, add the O=IAM partition, then click Next.
8. On the File Locations page, click Next.
9. On the Service Account Selection page, click Next to accept the Network service account default.
10. On the ADAM Administrators page, enter the technical administrator account described above, and then click Next.
11. On the Ready to Install page, click Next.
12. When the Active Directory Application Mode Setup Wizard finishes, it displays this message: You have successfully completed the Active Directory Application Mode Setup Wizard.

3.2.2 Windows Server 2008 / Windows Server 2008 R2

1. Click Start, point to Administrative Tools, and then click Active Directory Lightweight Directory Services Setup Wizard.
2. On the Welcome to the Active Directory Lightweight Directory Services Setup Wizard page, click Next.
3. On the Setup Options page, click A replica of an existing instance, and then click Next.
4. On the Instance Name page, enter "ESSOServer", and then click Next.
5. On the Ports page, enter 55000 and 55001, and then click Next.
6. On the Joining a Configuration Set page, in Server, type the full DNS name of the E-SSO controller (you may also click Browse...). Then, type 55000 as the LDAP port and click Next.
7. On the Administrative Credentials for the Configuration Set page, enter the technical administrator account described above, then click Next.
8. On the Copying Application Directory Partitions page, select «O=IAM», then click Next.
9. On the File Locations page, accept the default values, then click Next.
10. On the Service Account Selection page, choose Network Service Account, then click Next.
11. On the AD LDS Administrators page, enter the technical administrator account described above, and then click Next.
12. Follow the last steps to install AD LDS and finish the wizard.
4. E-SSO configuration

Now that your replicated directory is set up, you must configure the E-SSO controller and workstation to use it. This is done using the E-SSO configuration tool.

Don't forget to specify the 55000 port number, using the format:

replica-instance.domain.com:55000
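A post-install check for the replica built in section 3.2, given here as an added example that is not part of the Quest guide or product. It confirms that the instance service is running, that both ports entered in the wizard are listening, and that the O=IAM partition was actually copied before the replica is entered in the E-SSO configuration tool. Assumptions: the host name is the placeholder from the format above, the script is run on the replica server, and the service name follows the ADAM / AD LDS convention ADAM_<instance name>.

```powershell
# Added example: run on the replica server after the setup wizard finishes.
# $Replica is a placeholder host name; the instance name, ports and partition
# are the values entered in the wizard. The service name assumes the
# ADAM / AD LDS convention "ADAM_<instance name>".
param(
    [string]$Replica      = 'replica-instance.domain.com',
    [string]$InstanceName = 'ESSOServer',
    [int]$LdapPort        = 55000,
    [int]$SslPort         = 55001,
    [string]$Partition    = 'O=IAM'
)

function Test-TcpPort([string]$HostName, [int]$Port) {
    # A successful connect only proves that something listens on the port;
    # for the SSL port it does not prove a server certificate is installed.
    $client = New-Object System.Net.Sockets.TcpClient
    try     { $client.Connect($HostName, $Port); return $client.Connected }
    catch   { return $false }
    finally { $client.Close() }
}

function Get-ReplicaStatus {
    $svc = Get-Service -Name "ADAM_$InstanceName" -ErrorAction SilentlyContinue

    # RootDSE lists every directory partition held by this instance.
    $contexts = @()
    try {
        $rootDse  = [ADSI]"LDAP://${Replica}:${LdapPort}/RootDSE"
        $contexts = @($rootDse.psbase.Properties['namingContexts'])
    } catch {
        # Bind failed: leave $contexts empty so PartitionPresent is False.
    }

    New-Object PSObject -Property @{
        ServiceRunning   = ($svc -ne $null -and $svc.Status -eq 'Running')
        LdapListening    = (Test-TcpPort $Replica $LdapPort)
        SslListening     = (Test-TcpPort $Replica $SslPort)
        PartitionPresent = ($contexts -contains $Partition)
        # Value to enter in the E-SSO configuration tool (host:port format).
        Endpoint         = "${Replica}:${LdapPort}"
    }
}

Get-ReplicaStatus
```

If PartitionPresent is False while the service and ports are up, the instance joined the configuration set without the O=IAM partition selected on the Copying Application Directory Partitions page.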
About Quest Software, Inc.

Now more than ever, organizations need to work smart and improve efficiency. Quest Software creates and supports smart systems management products helping our customers solve everyday IT challenges faster and easier. Visit www.quest.com for more information.

Contacting Quest Software

Phone: 949.754.8000 (United States and Canada)
Email: info@quest.com
Mail: Quest Software, Inc., World Headquarters, 5 Polaris Way, Aliso Viejo, CA 92656, USA
Web site: www.quest.com

Please refer to our Web site for regional and international office information.

Contacting Quest Support

Quest Support is available to customers who have a trial version of a Quest product or who have purchased a Quest product and have a valid maintenance contract. Quest Support provides unlimited 24x7 access to SupportLink, our self-service portal. Visit SupportLink at http://support.quest.com/

From SupportLink, you can do the following:
- Retrieve thousands of solutions from our online Knowledgebase
- Download the latest releases and service packs
- Create, update and review Support cases

View the Global Support Guide for a detailed explanation of support programs, online services, contact information, and policy and procedures. The guide is available at: http://support.quest.com.