Enterprise Single Sign-On 8.0.3 Installation and Configuration Guide Dedicated Directory Replication
Copyright 1998-2009 Quest Software and/or its Licensors. ALL RIGHTS RESERVED.
Quest Enterprise SSO
Updated January 2010
Software version 8.0.3
CONTENTS

About This Guide
    Access Management
    Conventions
1. Overview
2. Installing the Dedicated Directory
    2.1 Installing the Dedicated Directory on Windows XP Professional Edition / Windows 2003 Server
    2.2 Installing the Dedicated Directory on Windows 2003 Server R2
    2.3 Installing the Dedicated Directory on Windows 2008 Server / Windows 2008 Server R2
3. Configuring the Dedicated Directory
    3.1 Configuring the Dedicated Directory on Windows XP Professional Edition / Windows 2003 Server / Windows 2003 Server R2
    3.2 Configuring the Dedicated Directory on Windows Server 2008 / Windows Server 2008 R2
4. Configuring E-SSO
About This Guide

Access Management

Subject: This guide describes how to install a replicated directory for E-SSO.

Intended Reader: System integrators. Administrators.

Software/Hardware Required: Enterprise SSO 8 evolution 3 and later versions. For more information about the versions of the required operating systems and software solutions quoted in this guide, please refer to Quest Enterprise SSO Release Notes.

Supported Operating Systems: The Dedicated Directory Replication runs only on the following Windows systems:
    - Windows 2008 Server / Windows 2008 Server R2
    - Windows 2003 Server R2
    - Windows 2003 Server
    - Windows XP Professional Edition (for testing purposes only)
Conventions

In order to help you get the most out of this guide, we have used specific formatting conventions. These conventions apply to procedures, icons, keystrokes and cross-references.

ELEMENT: CONVENTION
    - Select: This word refers to actions such as choosing or highlighting various interface elements, such as files and radio buttons.
    - Bolded text: Interface elements that appear in Quest products, such as menus and commands.
    - Italic text: Used for comments.
    - Bold Italic text: Introduces a series of procedures.
    - Blue text: Indicates a cross-reference. When viewed in Adobe Acrobat, this format can be used as a hyperlink.
    - (icon): Used to highlight additional information pertinent to the process being described.
    - (icon): Used to provide Best Practice information. A best practice details the recommended course of action for the best result.
    - (icon): Used to highlight processes that should be performed with care.
    - +: A plus sign between two keystrokes means that you must press them at the same time.
    - |: A pipe sign between elements means that you must select the elements in that particular sequence.
1. Overview

Subject

This guide explains how to install and configure a replicated directory for E-SSO. This installation is recommended for high availability. You can install as many replicated directories as needed and each of them can be safely uninstalled.

You must first install the directory software, then configure a new directory instance.
2. Installing the Dedicated Directory

Subject

Installing the dedicated directory activates dedicated directory software components on the server. The installation procedure differs depending on the operating system.

Before Starting

An E-SSO Controller must already be installed.

The additional server must:
    - Be a member of the Active Directory on which E-SSO is configured.
    - Not be an Active Directory domain controller.

2.1 Installing the Dedicated Directory on Windows XP Professional Edition / Windows 2003 Server

Subject

This installation enables you to install the Active Directory Application Mode (ADAM). The replicated directory installer is available from the installer in the following directory: QuickInstall\Controller\Support\ADAMSP1_x86_English.exe.
2.2 Installing the Dedicated Directory on Windows 2003 Server R2

Subject

You must install the ADAM Windows component provided with the operating system as follows.

Procedure

1. Log on as a local administrator.
2. Click the Windows Start button, point to Parameters and click Control Panel. The Control Panel window opens.
3. Click the Add or Remove Programs icon. The Add or Remove Programs window opens.
4. Click the Add/Remove Windows Components button.
5. Select the Active Directory Services check box and click Details.
6. Select the Active Directory Application Mode check box and click OK.
7. Click Next.
8. Click Finish.

2.3 Installing the Dedicated Directory on Windows 2008 Server / Windows 2008 Server R2

Subject

You must add the Active Directory Lightweight Directory Services (AD LDS) role to your server.

Procedure

1. Click the Windows Start button and click Server Manager. The Server Manager window opens.
2. In the Console tree, right-click Roles and click Add Roles. The Add Roles Wizard opens.
3. Check the information on the Before You Begin page and click Next.
4. In the Roles list of the Select Server Roles page, select the Active Directory Lightweight Directory Services check box and click Next.
5. Follow the last steps of the Wizard to finish adding the AD LDS server role.
3. Configuring the Dedicated Directory

Subject

When you installed the E-SSO Controller, you chose a domain account to be the technical administrator of the dedicated server. This account is needed twice during the replica configuration.

This task enables you to have high availability and scalability of E-SSO.

3.1 Configuring the Dedicated Directory on Windows XP Professional Edition / Windows 2003 Server / Windows 2003 Server R2

Subject

Once the dedicated directory is installed, you must configure it.

Procedure

1. Click the Windows Start button, point to All Programs then to ADAM and click Create an ADAM instance. The Wizard window opens.
2. Fill in the Wizard as follows:

   ACTION

   - 1. Select A replica of an existing instance.
     2. Click Next.

   - 1. In the Instance name field, type in ESSOServer.
     2. Click Next.

   - 1. In the LDAP port number field, type in 55000.
     2. In the SSL port number field, type in 55001.
     3. Click Next.

   - 1. In the Server field, type in the Fully Qualified DNS Name of the previously installed E-SSO Controller or click the Browse button.
     2. In the LDAP port field, type in 55000.
     3. Click Next.

   - 1. Select This account.
     2. In the Username field, type in the technical administrator account described above.
     3. In the Password field, type in your Password.
     4. Click Next.

   - 1. Click the Add button to add the O=IAM partition.
     2. Click Next.

   - Click Next.

   - 1. The default selection is Network service account.
     2. Click Next.

   - 1. Select This account and in the Account name field, type in the technical administrator account described above or click the Browse button.
     2. Click Next.

   - Click Next.

   - 1. The Active Directory Application Mode is now configured.
     2. Click Finish.
3.2 Configuring the Dedicated Directory on Windows Server 2008 / Windows Server 2008 R2

Subject

Once the dedicated directory is installed, you must configure it.

Procedure

1. Click the Windows Start button, point to Administrative Tools and click Active Directory Lightweight Directory Services Setup Wizard. The Wizard window opens.
2. Fill in the Wizard as follows:

   ACTION

   - 1. Select A replica of an existing instance.
     2. Click Next.

   - 1. In the Instance name field, type in ESSOServer.
     2. Click Next.

   - 1. In the LDAP port number field, type in 55000.
     2. In the SSL port number field, type in 55001.
     3. Click Next.

   - 1. In the Server field, type in the Fully Qualified DNS Name of the previously installed E-SSO Controller or click the Browse button.
     2. In the LDAP port field, type in 55000.
     3. Click Next.

   - 1. Select This account.
     2. In the Username field, type in the technical administrator account described above.
     3. In the Password field, type in your Password.
     4. Click Next.

   - 1. Select the O=IAM check box.
     2. Click Next.

   - Click Next.

   - 1. The default selection is Network service account.
     2. Click Next.

   - 1. Select This account.
     2. In the Account name field, type in the technical administrator account described above or click the Browse button.
     3. Click Next.

3. Follow the last steps of the Wizard to finish the AD LDS configuration.
4. Configuring E-SSO

Subject

Now that your replicated directory is installed (see Section 2, Installing the Dedicated Directory), you must configure the E-SSO Controller and workstation with the ESSO Installer to use the new directory.

Procedure

1. In the root file, double-click the start.hta file.
2. In the E-SSO Advanced Installation section, click one of the Enterprise SSO versions.
3. In the Software Installation section, click Configure workstation. You must specify the 55000 port number, using the format: replicainstance.domain.com:55000.
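The following PowerShell script is an added example, not part of the Quest guide or the product. It checks the Section 2 prerequisites (domain member, not a domain controller) and then confirms that the replica answers on the LDAP and SSL ports set in Section 3 and holds the O=IAM partition. It assumes PowerShell 2.0 or later on the replica server and a logged-on account allowed to read the instance's RootDSE; the function names are hypothetical and the default host name is the guide's placeholder.

```powershell
# Added example, not from the Quest guide. Assumes PowerShell 2.0 or later.
# Run on the replica server; the default host name is the guide's placeholder.
param(
    [string]$ReplicaHost = 'replicainstance.domain.com',
    [int]$LdapPort = 55000,   # LDAP port typed into the wizard
    [int]$SslPort  = 55001    # SSL port typed into the wizard
)

function Test-TcpPort([string]$HostName, [int]$Port, [int]$TimeoutMs = 3000) {
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($pending)
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

function Get-NamingContext([string]$HostName, [int]$Port) {
    # RootDSE lists the directory partitions held by the instance.
    $path = 'LDAP://{0}:{1}/RootDSE' -f $HostName, $Port
    try {
        $root = New-Object System.DirectoryServices.DirectoryEntry($path)
        return @($root.psbase.Properties['namingContexts'] | ForEach-Object { "$_" })
    } catch {
        return @()
    }
}

# Section 2 prerequisites. Win32_ComputerSystem.DomainRole values 4 and 5
# mean backup and primary domain controller.
$cs = Get-WmiObject -Class Win32_ComputerSystem
$contexts = @(Get-NamingContext $ReplicaHost $LdapPort)

$checks = @(
    @('Server is a domain member',         [bool]$cs.PartOfDomain),
    @('Server is not a domain controller', ($cs.DomainRole -lt 4)),
    @("LDAP port $LdapPort answers",       (Test-TcpPort $ReplicaHost $LdapPort)),
    @("SSL port $SslPort answers",         (Test-TcpPort $ReplicaHost $SslPort)),
    @('O=IAM partition is present',        ($contexts -contains 'O=IAM'))
)
foreach ($check in $checks) {
    '{0,-36} {1}' -f $check[0], $(if ($check[1]) { 'OK' } else { 'FAILED' })
}
```

Before the wizard has been run, only the first two checks are expected to pass; after Section 3, all five should report OK.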