Identity as a Service Powered by NetIQ Services Director Installation Guide July 2015 www.netiq.com/documentation
Legal Notice THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT ARE FURNISHED UNDER AND ARE SUBJECT TO THE TERMS OF A LICENSE AGREEMENT OR A NON-DISCLOSURE AGREEMENT. EXCEPT AS EXPRESSLY SET FORTH IN SUCH LICENSE AGREEMENT OR NON-DISCLOSURE AGREEMENT, NETIQ CORPORATION PROVIDES THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. SOME STATES DO NOT ALLOW DISCLAIMERS OF EXPRESS OR IMPLIED WARRANTIES IN CERTAIN TRANSACTIONS; THEREFORE, THIS STATEMENT MAY NOT APPLY TO YOU. For purposes of clarity, any module, adapter or other similar material ("Module") is licensed under the terms and conditions of the End User License Agreement for the applicable version of the NetIQ product or software to which it relates or interoperates with, and by accessing, copying or using a Module you agree to be bound by such terms. If you do not agree to the terms of the End User License Agreement you are not authorized to use, access or copy a Module and you must destroy all copies of the Module and contact NetIQ for further instructions. This document and the software described in this document may not be lent, sold, or given away without the prior written permission of NetIQ Corporation, except as otherwise permitted by law. Except as expressly set forth in such license agreement or non-disclosure agreement, no part of this document or the software described in this document may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, or otherwise, without the prior written consent of NetIQ Corporation. Some companies, names, and data in this document are used for illustration purposes and may not represent real companies, individuals, or data. This document could include technical inaccuracies or typographical errors. 
Changes are periodically made to the information herein. These changes may be incorporated in new editions of this document. NetIQ Corporation may make improvements in or changes to the software described in this document at any time. U.S. Government Restricted Rights: If the software and documentation are being acquired by or on behalf of the U.S. Government or by a U.S. Government prime contractor or subcontractor (at any tier), in accordance with 48 C.F.R. 227.7202-4 (for Department of Defense (DOD) acquisitions) and 48 C.F.R. 2.101 and 12.212 (for non-DOD acquisitions), the government's rights in the software and documentation, including its rights to use, modify, reproduce, release, perform, display or disclose the software or documentation, will be subject in all respects to the commercial license rights and restrictions provided in the license agreement. © 2015 NetIQ Corporation. All Rights Reserved. For information about NetIQ trademarks, see https://www.netiq.com/company/legal/.
Contents

About this Book and the Library
About NetIQ Corporation
1 Requirements
2 Installing the Remote Database
    2.1 Installation Considerations
    2.2 Installing the Nodes
    2.3 Starting the MySQL Cluster for the First Time
    2.4 A Sample config.ini File
3 Installing the Services Director
    3.1 Installing the VM Image
        3.1.1 Determining which OVF File to Use
        3.1.2 Importing an OVF File without Configuring Network Settings
        3.1.3 Importing an OVF File into vSphere or vSphere Hypervisor
        3.1.4 Configuring the VM Image
    3.2 Installing a Services Director
4 Creating a Tenant
5 Upgrading the Services Director
6 Troubleshooting
    6.1 Verifying the Version of the Services Director
    6.2 Restarting the Services Director
4 Identity as a Service Powered by NetIQ Services Director Framework Installation Guide
About this Book and the Library

The NetIQ Services Director Framework Installation Guide provides detailed instructions on how to install and configure the framework for the services hosted by providers. This allows providers a simple way to manage multiple services and multiple tenants from one location.

Intended Audience

This book provides information for individuals responsible for hosting NetIQ products as services for their tenants. The providers of these services must understand firewalls, ports, networking, and virtual machines.

Other Information in the Library

The library provides the following information resources:

Identity as a Service Powered by NetIQ Solution Overview Guide
    Provides overview and architectural information about the services included in the Identity as a Service Powered by NetIQ solution.

Identity as a Service Powered by NetIQ Provider Administration Guide
    Provides step-by-step guidance for the many tasks a provider performs for tenants. The guide also contains information on how to manage and maintain your Services Director.

Identity as a Service Powered by NetIQ Tenant Administration Guide
    Provides step-by-step guidance for the tasks a tenant performs.

Identity as a Service Powered by NetIQ IdentityAccess Service Installation Guide
    Provides detailed installation information for the IdentityAccess Service appliance.

Identity as a Service Powered by NetIQ IdentityAccess Service Configuration and Administration Guide
    Provides detailed configuration and administration information for the IdentityAccess Service appliance.

Identity as a Service Powered by NetIQ IdentityAccess Service Connectors Guide
    Provides detailed installation and configuration information for the connectors that you use with the IdentityAccess Service appliance.

Identity as a Service Powered by NetIQ IdentityAccess Service Mobile Users QuickStart
    Contains basic steps for the users to configure and use the MobileAccess service that is part of the IdentityAccess Service.

Identity as a Service Powered by NetIQ Account Management Service Guide
    Provides detailed installation and configuration information for the Account Management Service appliance.

Identity as a Service Powered by NetIQ Privileged Account Manager Service Guide
    Provides installation and configuration information on how to make NetIQ Privileged Account Manager a service that the Services Director hosts.

Identity as a Service Powered by NetIQ Technical References
    Provide more detailed information about different features of the Identity as a Service Powered by NetIQ solution.

Help
    Provides context-sensitive information and step-by-step guidance for common tasks.
About NetIQ Corporation

We are a global, enterprise software company, with a focus on the three persistent challenges in your environment: Change, complexity and risk and how we can help you control them.

Our Viewpoint

Adapting to change and managing complexity and risk are nothing new
    In fact, of all the challenges you face, these are perhaps the most prominent variables that deny you the control you need to securely measure, monitor, and manage your physical, virtual, and cloud computing environments.

Enabling critical business services, better and faster
    We believe that providing as much control as possible to IT organizations is the only way to enable timelier and cost effective delivery of services. Persistent pressures like change and complexity will only continue to increase as organizations continue to change and the technologies needed to manage them become inherently more complex.

Our Philosophy

Selling intelligent solutions, not just software
    In order to provide reliable control, we first make sure we understand the real-world scenarios in which IT organizations like yours operate day in and day out. That's the only way we can develop practical, intelligent IT solutions that successfully yield proven, measurable results. And that's so much more rewarding than simply selling software.

Driving your success is our passion
    We place your success at the heart of how we do business. From product inception to deployment, we understand that you need IT solutions that work well and integrate seamlessly with your existing investments; you need ongoing support and training post-deployment; and you need someone that is truly easy to work with for a change. Ultimately, when you succeed, we all succeed.

Our Solutions

- Identity & Access Governance
- Access Management
- Security Management
- Systems & Application Management
- Workload Management
- Service Management
Contacting Sales Support

For questions about products, pricing, and capabilities, contact your local partner. If you cannot contact your partner, contact our Sales Support team.

    Worldwide: www.netiq.com/about_netiq/officelocations.asp
    United States and Canada: 1-888-323-6768
    Email: info@netiq.com
    Website: www.netiq.com

Contacting Technical Support

For specific product issues, contact our Technical Support team.

    Worldwide: www.netiq.com/support/contactinfo.asp
    North and South America: 1-713-418-5555
    Europe, Middle East, and Africa: +353 (0) 91-782 677
    Email: support@netiq.com
    Website: www.netiq.com/support

Contacting Documentation Support

Our goal is to provide documentation that meets your needs. The documentation for this product is available on the NetIQ website in HTML and PDF formats on a page that does not require you to log in. If you have suggestions for documentation improvements, click comment on this topic at the bottom of any page in the HTML version of the documentation posted at www.netiq.com/documentation. You can also email Documentation-Feedback@netiq.com. We value your input and look forward to hearing from you.

Contacting the Online User Community

NetIQ Communities, the NetIQ online community, is a collaborative network connecting you to your peers and NetIQ experts. By providing more immediate information, useful links to helpful resources, and access to NetIQ experts, NetIQ Communities helps ensure you are mastering the knowledge you need to realize the full potential of IT investments upon which you rely. For more information, visit http://community.netiq.com.
1 Requirements

The NetIQ Services Director provides the framework for your Identity as a Service Powered by NetIQ solution.

[Figure 1-1 Services Director. Diagram labels: NetIQ Services Director, L4 Switch, Remote Database, Services Director]

You install the Services Director only once. If you have already installed the Services Director, proceed to one of the services guides. Otherwise, continue with this chapter to create the framework for your Identity as a Service Powered by NetIQ solution.

You have different deployment options for your Identity as a Service Powered by NetIQ Solution. For more information, see Deployment Scenarios in the Identity as a Service Powered by NetIQ Solution Overview Guide.

Use the following installation requirements to successfully install and configure the Services Director.

Table 1-1 Services Director Requirements

General Requirements

  Time Synchronization
    You must synchronize time between the Services Director and the IdentityAccess Service appliance.

Services Director Requirements

  Supported Virtual Environments
    - VMware vSphere and vSphere Hypervisor 5.0
    - VMware vSphere and vSphere Hypervisor 5.5

  Virtual System Guest Requirements
    - 8 GB RAM; for optimal performance, increase to 16 GB RAM.
    - 2 virtual processors; for optimal performance, add more processors if the computer is under heavy load.
    - 26 GB hard disk space; for optimal performance, add a separate volume for logging.
    A best practice is to group or separate virtual machines on hosts and data stores to avoid resource conflicts for CPU, disk I/O, and network bandwidth.

  Cluster
    - L4 switch or DNS round-robin configuration for cluster of Services Directors. The L4 switch must persist the client request to the same server. The option has different names depending on the L4 switch. Some of the common names for this option are sticky bit or persistence.
    - The certificate used for all of the nodes in the cluster must resolve the public DNS name that the nodes in the cluster share.
    - Remote database (MySQL) option used in the Services Director node setup.
    - MySQL accessible from each Services Director cluster node.

  TCP Port Forwarding
    - 80/443: Needed for the provider and tenant consoles.
    - 61616: Needed for message bus communications.

  Certificate Key Pair
    - Single domain (wildcard certificates are not supported).
    - DNS name of the Services Director must be the subject name for the certificate.
    - RSA encryption.
    - PKCS #12 format.

  Browsers
    Supported browsers for administration tasks:
    - Firefox on Windows 7 or Windows 8.1
    - Google Chrome on Windows 7 or Windows 8.1
    - Internet Explorer on Windows 7 or Windows 8.1
    - Safari on OS X Mavericks or later
    You must disable pop-up blockers to access the administration consoles.
    NOTE: If you experience any issues with a supported browser, ensure that you have the latest version of the browser installed, or try another supported browser. Administering the Services Director with Internet Explorer might be slower than with other supported browsers.

Remote Database Requirements

  MySQL 5.5
    Minimum hardware requirements for each MySQL VM image:
    - 75 GB disk space
    - 2 Cores
    - 16 GB RAM
    For clustering, you need two to four MySQL nodes.

  User Rights
    You must install the remote database as root.

  File Handles
    Use the following setting to increase the file handles for each MySQL VM image:
        SOFTFDLIMIT=4096
    You set this value in the /etc/sysconfig/ulimit file on the remote database.
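The Certificate Key Pair requirements in Table 1-1 can be checked before the certificate is handed to the Services Director. The following script is an added example, not NetIQ code: it inspects the text that openssl prints for a certificate and reports a non-RSA key, a subject name that differs from the Services Director DNS name, and wildcard names. The P12_PASS variable, the function names, and director.example.com are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not NetIQ code. Checks a certificate against the
# "Certificate Key Pair" requirements in Table 1-1: RSA key, subject name
# equal to the Services Director DNS name, no wildcard names.

# check_cert_text DNS_NAME
# Reads "openssl x509 -noout -text" output on stdin. Prints one FAIL line per
# finding and returns 0 when the certificate passes, 1 otherwise.
check_cert_text() {
    want=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    text=$(cat)
    # The subject prints as "CN=name" (OpenSSL 1.0) or "CN = name" (1.1+).
    cn=$(printf '%s\n' "$text" |
        sed -n 's/^ *Subject:.*CN *= *\([^,/]*\).*$/\1/p' |
        head -n 1 | tr 'A-Z' 'a-z' | sed 's/ *$//')
    alg=$(printf '%s\n' "$text" |
        sed -n 's/^ *Public Key Algorithm: *//p' | head -n 1)
    rc=0
    case "$cn" in
        "")      echo "FAIL no CN in the certificate subject"; rc=1 ;;
        *"*"*)   echo "FAIL wildcard subject name: $cn"; rc=1 ;;
        "$want") ;;
        *)       echo "FAIL subject name $cn is not $want"; rc=1 ;;
    esac
    if [ "$alg" != "rsaEncryption" ]; then
        echo "FAIL key algorithm is ${alg:-unknown}, not RSA"; rc=1
    fi
    # A wildcard can also sit in the subjectAltName extension.
    if printf '%s\n' "$text" | grep -q 'DNS:\*'; then
        echo "FAIL wildcard entry in subjectAltName"; rc=1
    fi
    return "$rc"
}

# check_p12 FILE DNS_NAME
# Extracts the leaf certificate from a PKCS #12 file and checks it. The
# password is read from the P12_PASS environment variable (a name chosen for
# this example) so that it stays out of the process list.
check_p12() {
    pem=$(openssl pkcs12 -in "$1" -nokeys -clcerts -passin env:P12_PASS 2>/dev/null) || {
        echo "FAIL cannot read $1 as PKCS #12 (wrong format or password)"
        return 1
    }
    printf '%s\n' "$pem" | openssl x509 -noout -text | check_cert_text "$2"
}

# sample_cert_text CN KEY_ALGORITHM [SAN]
# Constructed stand-in for "openssl x509 -noout -text" output, for the demo.
sample_cert_text() {
    cat <<EOF
Certificate:
    Data:
        Subject: C = US, O = Example Provider, CN = $1
        Subject Public Key Info:
            Public Key Algorithm: $2
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                DNS:${3:-$1}
EOF
}

# Demo on constructed input; director.example.com is a placeholder name.
sample_cert_text director.example.com rsaEncryption |
    check_cert_text director.example.com && echo "OK: single-domain RSA certificate"
sample_cert_text '*.example.com' id-ecPublicKey |
    check_cert_text director.example.com || true
```

For a real file, run check_p12 with the path to the PKCS #12 file and the DNS name that the Services Director (or the L4 switch in front of a cluster) answers on.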
2 Installing the Remote Database

The Services Director framework requires that you install and configure a remote MySQL database. The MySQL database stores provider configuration information, definitions for auditing services, connector templates, connector configurations, tenant records, and administration information such as roles.

Each Services Director requires access to the remote MySQL database to cluster the Services Director or offload work from the Services Director. You must install a MySQL database before you start the installation of the Services Director. Installing the Services Director without a remote database is only for demonstration purposes.

This chapter provides information about installing and configuring a clustered MySQL database to work with the Services Director. There are many different versions of cluster software, configuration tools, and administration tools that allow you to cluster a MySQL database. This guide explains the GA version of MySQL Cluster, but you can use any of the available software and tools.

- Section 2.1, Installation Considerations
- Section 2.2, Installing the Nodes
- Section 2.3, Starting the MySQL Cluster for the First Time
- Section 2.4, A Sample config.ini File

2.1 Installation Considerations

The Services Director framework supports MySQL Cluster 7.3.x. You must download both the server and client .rpm files. Download the files from Download MySQL Cluster (http://dev.mysql.com/downloads/cluster/).

The following is a list of items to consider before you perform the installation:

- Do not place the MySQL cluster in the DMZ or allow it to be directly accessible from the Internet. A MySQL cluster does not encrypt the data exchange between the MySQL nodes.
- Isolate the MySQL cluster on its own private network for better performance. This provides all the bandwidth of that segment to the cluster nodes, and this means that the routers do not hop or reroute the MySQL cluster data.
- Specify the port number for communication between the MySQL clustered nodes. If you are in an environment where firewalls are closely managed, you might have to open this port for node communication.
- Run the /usr/bin/mysql_secure_installation script to remove the anonymous users and to test the database on an SQL node. However, when prompted, do not remove remote login for the root user since the Services Director installation script uses that user to access the MySQL database during installation.
- Ensure that you have a minimum of 1000 connections allowed for your database. You must set the max_connections variable to be 1000 or greater.
- Ensure that the MySQL user used for the installation has all privileges to the databases connectordef and provider.

2.2 Installing the Nodes

To install a MySQL cluster, you must install one management node, at least one data node, and an SQL node. You must install and configure all of the nodes before you try to start any of the nodes. The order for starting the nodes is very important.

To install a MySQL cluster:

1 Install a management node (server rpm), and create and configure the config.ini file.
2 Install a data node (server rpm), and create and configure the my.cnf file.
3 Install an SQL node (server and client rpms), and create and configure the my.cnf file.
4 Record the IP addresses and ports for the SQL nodes, because the Services Director requires this information.

For more information, see:

- Installation: MySQL Cluster Installation and Upgrades (http://fossies.org/linux/misc/mysqlrefman/mysql-refman-5.5-en.html-chapter.tar.gz:a/refman-5.5-en.html-chapter/mysqlcluster.html#mysql-cluster-installation)
- Initial Configuration: Initial Configuration of MySQL Cluster (http://fossies.org/linux/misc/mysqlrefman/mysql-refman-5.5-en.html-chapter.tar.gz:a/refman-5.5-en.html-chapter/mysqlcluster.html#mysql-cluster-install-configuration)

2.3 Starting the MySQL Cluster for the First Time

After you have completed the installation and configuration of the MySQL nodes, you must start the nodes in the proper order for the cluster to work. The proper order is:

1. Management node
2. Data node
3. SQL node

For more information, see Initial Startup of MySQL Cluster (http://fossies.org/linux/misc/mysqlrefman/mysql-refman-5.5-en.html-chapter.tar.gz:a/refman-5.5-en.html-chapter/mysqlcluster.html#mysql-cluster-install-first-start).
2.4 A Sample config.ini File

The following is a sample my.cnf file for a data node or an SQL node of the cluster.

    # Options for mysqld process:
    [mysqld]
    ndbcluster                          # we're part of the cluster
    default-storage-engine=ndbcluster   # run NDB storage engine as default
    #open-files-limit=2048
    max_connections=1000
    ndb-cluster-connection-pool=4
    # Recommended settings for the Services Director
    skip-innodb
    thread_cache_size=4
    query_cache_size=8m

    # Global Options for MySQL Cluster processes:
    [mysql_cluster]
    ndb-connectstring=10.0.0.2

You can update the config.ini file for the management node for your requirements based on the following sample:

    [ndbd default]
    # Options affecting ndbd processes on all data nodes:
    NoOfReplicas=2    # Number of replicas
    DataMemory=20M    # How much memory to allocate for data storage
    IndexMemory=8M    # How much memory to allocate for index storage
                      # For DataMemory and IndexMemory, we have used the
                      # default values. Since the "world" database takes up
                      # only about 500KB, this should be more than enough for
                      # this example Cluster setup.
    # To successfully install the Services Director, you must use the following parameters:
    # MaxNoOfAttributes = 12000
    # MaxNoOfTables = 250
    # MaxNoOfOrderedIndexes = 400
    # MaxNoOfConcurrentOperations=250000

    [tcp default]
    # TCP/IP options:
    # portnumber=2202   # This the default; however, you can use any
                        # port that is free for all the hosts in the cluster
                        # Note: It is recommended that you do not specify the port
                        # number at all and simply allow the default value to be used
                        # instead

    [ndb_mgmd]
    # Management process options:
    hostname=10.0.0.2                # Hostname or IP address of MGM node
    datadir=/var/lib/mysql-cluster   # Directory for MGM node log files

    [ndbd]
    # (one [ndbd] section per data node)
    # Options for data node "A":
    hostname=10.0.0.8                # Hostname or IP address
    datadir=/usr/local/mysql/data    # Directory for this data node's data files

    [ndbd]
    # Options for data node "B":
    hostname=10.0.0.4                # Hostname or IP address
    datadir=/usr/local/mysql/data    # Directory for this data node's data files

    [mysqld]
    # SQL node options:
    hostname=10.0.0.9                # Hostname or IP address
    [api]
    hostname=10.0.0.7
    [api]
    hostname=10.0.0.7
    [api]
    hostname=10.0.0.7

    [mysqld]
    # SQL node options:
    hostname=10.0.0.3                # Hostname or IP address
                                     # (additional mysqld connections can be
                                     # specified for this node for various
                                     # purposes such as running ndb_restore)
    [api]
    hostname=10.0.0.6
    [api]
    hostname=10.0.0.6
    [api]
    hostname=10.0.0.6
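A preflight check for the management node's config.ini, added here as an example (not NetIQ or MySQL code): it confirms that the four parameters the sample lists for the Services Director are active rather than commented out, and that the [ndbd] sections divide evenly into groups of NoOfReplicas. The test files are constructed from the sample above, and treating the listed values as minimums is an assumption of this example.

```shell
#!/bin/sh
# Added example, not NetIQ code: preflight check of a MySQL Cluster config.ini
# against the values this guide lists for the Services Director.

# check_config_ini FILE
# Prints one "FAIL ..." line per finding; returns 0 when clean, 1 otherwise.
check_config_ini() {
    findings=$(awk '
        {   # Drop comments first, so a commented-out key never counts as set.
            sub(/#.*/, "")
            gsub(/^[ \t]+|[ \t]+$/, "")
        }
        $0 == "" { next }
        /^\[/ {
            section = tolower($0)
            if (section == "[ndbd]") datanodes++
            next
        }
        section == "[ndbd default]" {
            eq = index($0, "=")
            if (eq == 0) next
            key = tolower(substr($0, 1, eq - 1)); val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
            seen[key] = val
        }
        END {
            # Values from the comment block in the guide sample; treating
            # them as minimums is an assumption of this example.
            need["maxnoofattributes"] = 12000
            need["maxnooftables"] = 250
            need["maxnooforderedindexes"] = 400
            need["maxnoofconcurrentoperations"] = 250000
            for (k in need) {
                if (!(k in seen)) {
                    print "FAIL " k " is not set in [ndbd default]"
                } else if (seen[k] + 0 < need[k]) {
                    print "FAIL " k "=" seen[k] " is below " need[k]
                }
            }
            replicas = ("noofreplicas" in seen) ? seen["noofreplicas"] + 0 : 0
            if (replicas < 1) {
                print "FAIL NoOfReplicas is not set in [ndbd default]"
            } else if (datanodes + 0 == 0 || datanodes % replicas != 0) {
                print "FAIL " datanodes + 0 " [ndbd] sections cannot form groups of " replicas
            }
        }' "$1")
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}

# write_sample FILE MODE
# Constructed test input modeled on the sample above.
# MODE=printed: the four required parameters are commented out, as printed.
# MODE=active:  the same file with those four lines uncommented.
write_sample() {
    if [ "$2" = "active" ]; then c=""; else c="# "; fi
    cat > "$1" <<EOF
[ndbd default]
NoOfReplicas=2    # Number of replicas
DataMemory=20M
IndexMemory=8M
${c}MaxNoOfAttributes = 12000
${c}MaxNoOfTables = 250
${c}MaxNoOfOrderedIndexes = 400
${c}MaxNoOfConcurrentOperations=250000
[ndb_mgmd]
hostname=10.0.0.2
[ndbd]
hostname=10.0.0.8
[ndbd]
hostname=10.0.0.4
[mysqld]
hostname=10.0.0.9
EOF
}

# Demo on constructed input; writes only to a temporary directory.
demo_dir=$(mktemp -d)
write_sample "$demo_dir/printed.ini" printed
write_sample "$demo_dir/active.ini" active
echo "Sample copied as printed:"
check_config_ini "$demo_dir/printed.ini" || true
echo "Sample with the parameters uncommented:"
check_config_ini "$demo_dir/active.ini" && echo "OK"
rm -rf "$demo_dir"
```

A config.ini copied verbatim from the sample fails all four parameter checks, because every line after a # is a comment to the management server.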
3 Installing the Services Director

After you have installed the remote database, you can install the Services Director. You must download and deploy the VM image for the Services Director on a VM server. After the image is running, you run an installation script for the Services Director.

- Section 3.1, Installing the VM Image
- Section 3.2, Installing a Services Director

3.1 Installing the VM Image

The appliance is an Open Virtualization Format (OVF) virtual appliance that you must deploy to your VMware server. NetIQ provides OVF files of the VM images. Use the following sections to launch the appropriate VM image on your VMware server.

3.1.1 Determining which OVF File to Use

NetIQ provides different OVF files for the different versions of VMware. If you have VMware vCenter Server, you can configure the network settings before deploying the image. Otherwise, you must use YaST to configure your network settings after deploying the image.

After you have downloaded the appliance VM image, you must extract the file to access the available OVF file. Use the following table to determine which OVF file you need.

Table 3-1 OVF Files

  css-director.ovf
    When you deploy the Services Director and you want to manually configure the networking settings, use this file. For instructions, see Section 3.1.2, Importing an OVF File without Configuring Network Settings.

  css-director-vcenter.ovf
    When you deploy the Services Director and you want to configure your network settings before deploying the image, use this file. For instructions, see Section 3.1.3, Importing an OVF File into vSphere or vSphere Hypervisor.

3.1.2 Importing an OVF File without Configuring Network Settings

If you want to manually configure your network settings with YaST or if you do not have VMware vCenter Server, you must use the following procedure to import your OVF file.

To import the OVF file:

1 Copy the css-director.ovf file to a computer.
  For more information, see Section 3.1.1, Determining which OVF File to Use.
2 On the computer, run the VMware vSphere client.
  This client is available for download from your ESX or ESXi server.
3 From the toolbar, select File > Deploy OVF Template.
4 Follow the prompts to deploy the OVF file.
  TIP: If you deploy the appliance using the ovftool, you can configure the appliance properties from the command line and auto-start the VM so you do not have to use the vSphere client to configure the properties before starting the VM.
5 To start the VM image, in the toolbar, click Power on (green arrow icon).
6 To activate the mouse and keyboard for the console, click inside the console window.
7 Continue with Section 3.1.4, Configuring the VM Image.

3.1.3 Importing an OVF File into vSphere or vSphere Hypervisor

If you have VMware vCenter Server and you want to configure your network settings before deploying the Services Director image, you must use the following procedure.

To import the OVF file:

1 Copy the css-director-vcenter.ovf file to a computer.
  For more information, see Section 3.1.1, Determining which OVF File to Use.
2 On the computer, run the VMware vCenter client for vSphere.
  This client is available for download from your vSphere or vSphere Hypervisor server.
3 From the toolbar, select File > Deploy OVF Template.
4 Follow the prompts to deploy the OVF file.
5 In the Properties step, select auto-configure, then specify your network configuration information for the VM image.
6 Continue following the prompts.

The image is ready for you to install the Services Director. You do not need to run YaST to configure the network settings. Proceed to Section 3.2, Installing a Services Director.

3.1.4 Configuring the VM Image

Use the following instructions to configure the Services Director image using YaST. You must have copied the Services Director VM image to the VM server and launched it. For more information, see Section 3.1, Installing the VM Image.
To configure the VM image:

1 After launching the VM image, use the Tab key or Alt and the highlighted letter to navigate through the text-based user interface, then press Enter to select the appropriate option.
2 Use the following information to configure the VM image:

Table 3-2 VM Image Settings

  Network Configuration
    The VM image must have an assigned static IP address. Ensure that you define the following settings:
    - IP address
    - Subnet mask
    - Host name
    - Domain name
    - Name server
    - Domain search
    - Default gateway

  Time Synchronization
    The Services Director framework requires that you configure time synchronization between all of the Services Director VM images. As you configure time synchronization, select the Now and on boot option.

  Root Password
    Set a root password for the VM image and remember this password.

3.2 Installing a Services Director

The Services Director contains the provider console and the tenant console. The console you access depends upon the URL that you enter and your permissions.

To install the Services Director:

1 Install and configure a remote database. For more information, see Installing the Remote Database.
2 Install the appropriate number of VM images for a clustered Services Director. This release supports up to five Services Directors in a cluster.
3 Log in to the Services Director image as the root user.
4 Use the date command to verify that the image has the correct time. If the time is incorrect, use YaST to synchronize the time before continuing.
5 Change to the /usr/share/ncss directory.
6 Run the install.sh script to make this image a Services Director. You can use either of the following options for a remote database:
    ./install.sh -dr
      The -d option makes the image a Services Director and the -dr option assumes that there is only one remote MySQL database.
    ./install.sh -dc
      The -dc option makes the image a Services Director and assumes that your MySQL is clustered. The -dc option handles as many MySQL nodes as you want to use.
7 Use the following information at the prompts.
    (Conditional) How Many SQL Nodes?: Specify the number of SQL nodes you have. You see this option only with the -dc option.
    (Conditional) SQL node 1 IP Address: Specify the IP address or the DNS name of the first SQL node. This prompt is present for the number of nodes you specified.
    (Conditional) SQL node 1 Port: Specify the port for communication to the MySQL database. This prompt is present for the number of nodes you specified.
    (Conditional) MySQL Remote Database IP Address: Specify the IP address or DNS name of the server running the MySQL database. Must be a static IP address. This option is displayed only with the -dr option.
    (Conditional) MySQL Remote Database Port: Specify the port for communication to the MySQL database. This option is displayed only with the -dr option.
    MySQL Database Username: Specify the administrator of the MySQL database.
    MySQL Database Password: Specify the password of the administrator.
8 Wait for the install.sh script to finish.
9 Log in to the provider console.
  9a In a browser, enter the following URL:
        https://Services_Director_DNS_Name/css/Provider
  9b Log in with the following credentials:
        Name: superadmin@ncssadmin.com
        Password: superadmin
10 Click System in the toolbar.
11 In the Director Management tab, click New.
12 Wait for the console to display a URL for the new entry.
13 Click the URL, then save the DirectorInstance.ini file.
14 Log in to one of the other Services Director images as the root user.
15 Copy the DirectorInstance.ini file to the other Services Director image.
16 Change to the /usr/share/ncss directory.
17 Run the install.sh script with the -dm switch, which makes this image a cluster member.
    Director cluster member:
        ./install.sh -dm /root/DirectorInstance.ini
18 (Conditional) If you have another image that you want to add to the cluster, repeat Step 9 through Step 17. Otherwise, continue on with Step 19.
19 Configure an L4 switch or a DNS round-robin for the cluster members.
    If you are setting up a DNS round-robin, add the additional IP addresses to the DNS server with the same DNS name as the first Services Director.
    If you are setting up an L4 switch, change the Services Director certificate and domain name to the name of the L4 switch.
4 Creating a Tenant

After you have completed the installation of the Services Director, you need to create a tenant.

To create a new tenant account in the provider console:

1 Log in to the provider console.
        https://director_dns_name/css/provider
2 In the Tenants panel, click New.
3 Use the following information to fill in the New Tenant form:
    Name: Specify a descriptive name for the tenant. You must create a unique name for each tenant.
    Alias: Specify a unique value for the tenant. The Services Director uses this value when generating metering reports. The field is limited to 20 characters.
    Super Admin Email: Specify the tenant administrator's email address. You must specify an address that is not being used by any other tenant.
4 (Optional) Click the Contacts tab to add the information for a contact person at the tenant site.
5 Click OK to save the tenant configuration.
6 Repeat this procedure for each tenant you want to create.
5 Upgrading the Services Director

The Services Director framework allows you to export your configuration information so that it is easy to upgrade your Services Director. Upgrading the hosted services is a separate process for each service.

To upgrade the Services Director:

1 Create an export of the configuration of the Services Director.
  1a Log in to the provider console:
        https://director_dns_name/css/provider
  1b Click System in the toolbar, then click the Director Management tab.
  1c In the Actions column, click Export director configuration.
  1d Save the file.
  1e Repeat Step 1c and Step 1d for each Services Director.
2 Power off the old Services Director.
3 Install the new version of the Services Director using the configuration file.
  3a Download a new VM image and load it into the hosting environment. For more information, see Section 3.1, Installing the VM Image.
     Use the same DNS name and IP address of the original Services Director.
  3b Create a new Services Director image. For more information, see Section 3.2, Installing a Services Director.
  3c Copy the most current exported Services Director configuration file, from the corresponding original Services Director, to the /root directory of the new Services Director.
  3d Run the install script with an absolute reference to the DirectorExport.zip file.
    3d1 Change to the /usr/share/ncss directory.
    3d2 Run the script with the following command:
            ./install.sh -d /root/DirectorExport.zip
        If you copied the file to a different directory, change the path in the command.
        or
        Run the install script with the following command if you use a remote database:
            ./install.sh -dr /root/DirectorExport.zip
        or
        Run the install script with the following command if you use a clustered remote database:
            ./install.sh -dc /root/DirectorExport.zip
4 Log in to the provider console, verify your configuration, and verify that all components are healthy.
5 Delete the old Services Director image from your VM management console.
6 Repeat Step 2 through Step 5 for each Services Director.

To upgrade the hosted services, see each services guide.
6 Troubleshooting

Use the following information to help in troubleshooting any issue that might arise.

- Section 6.1, Verifying the Version of the Services Director
- Section 6.2, Restarting the Services Director

6.1 Verifying the Version of the Services Director

To verify the version of the Services Director:

1 Log in to the provider console:
        https://director_dns_name/css/provider
2 In the toolbar, click Actions > About to view the version of the Services Director.

6.2 Restarting the Services Director

You have to reboot your Services Director after you perform an upgrade. You can reboot the image or you can just restart the Services Director.

To restart the Services Director:

1 Log in to the Services Director image as the root user.
2 To restart all the Services Director services, enter the following command:
        rctomcat6 restart
3 Wait for Tomcat to stop and restart.
4 (Optional) To verify the status of the start, tail the catalina.out file:
        tail -f /var/log/tomcat6/catalina.out
  When the following message appears, the Services Director is running and you can log in to the provider console:
        INFO: Server startup in 102065 ms