Identity as a Service Powered by NetIQ Privileged Account Manager Service Installation and Configuration Guide




Identity as a Service Powered by NetIQ Privileged Account Manager Service Installation and Configuration Guide July 2015 www.netiq.com/documentation

Legal Notice THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT ARE FURNISHED UNDER AND ARE SUBJECT TO THE TERMS OF A LICENSE AGREEMENT OR A NON-DISCLOSURE AGREEMENT. EXCEPT AS EXPRESSLY SET FORTH IN SUCH LICENSE AGREEMENT OR NON-DISCLOSURE AGREEMENT, NETIQ CORPORATION PROVIDES THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. SOME STATES DO NOT ALLOW DISCLAIMERS OF EXPRESS OR IMPLIED WARRANTIES IN CERTAIN TRANSACTIONS; THEREFORE, THIS STATEMENT MAY NOT APPLY TO YOU. For purposes of clarity, any module, adapter or other similar material ("Module") is licensed under the terms and conditions of the End User License Agreement for the applicable version of the NetIQ product or software to which it relates or interoperates with, and by accessing, copying or using a Module you agree to be bound by such terms. If you do not agree to the terms of the End User License Agreement you are not authorized to use, access or copy a Module and you must destroy all copies of the Module and contact NetIQ for further instructions. This document and the software described in this document may not be lent, sold, or given away without the prior written permission of NetIQ Corporation, except as otherwise permitted by law. Except as expressly set forth in such license agreement or non-disclosure agreement, no part of this document or the software described in this document may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, or otherwise, without the prior written consent of NetIQ Corporation. Some companies, names, and data in this document are used for illustration purposes and may not represent real companies, individuals, or data. This document could include technical inaccuracies or typographical errors. 
Changes are periodically made to the information herein. These changes may be incorporated in new editions of this document. NetIQ Corporation may make improvements in or changes to the software described in this document at any time. U.S. Government Restricted Rights: If the software and documentation are being acquired by or on behalf of the U.S. Government or by a U.S. Government prime contractor or subcontractor (at any tier), in accordance with 48 C.F.R. 227.7202-4 (for Department of Defense (DOD) acquisitions) and 48 C.F.R. 2.101 and 12.212 (for non-DOD acquisitions), the government's rights in the software and documentation, including its rights to use, modify, reproduce, release, perform, display or disclose the software or documentation, will be subject in all respects to the commercial license rights and restrictions provided in the license agreement. © 2015 NetIQ Corporation. All Rights Reserved. For information about NetIQ trademarks, see https://www.netiq.com/company/legal/.

Contents

About this Book and the Library
About NetIQ Corporation
1 Installing the Privileged Account Manager Service
    1.1 Requirements
    1.2 Installing the Manager for Privileged Account Manager
    1.3 Installing an Agent for Privileged Account Manager
    1.4 Uninstalling an Agent


About this Book and the Library

The Identity as a Service Powered by NetIQ Privileged Account Manager Service Installation and Configuration Guide provides installation and configuration instructions for Privileged Account Manager Service.

Intended Audience

This book provides information for providers that are responsible for deploying and managing Privileged Account Manager Service.

Other Information in the Library

The library provides the following information resources:

Identity as a Service Powered by NetIQ Solution Overview Guide
    Provides overview and architectural information about the services included in the Identity as a Service Powered by NetIQ solution.

Identity as a Service Powered by NetIQ Services Director Installation Guide
    Provides detailed planning and installation information for the NetIQ Services Director.

Identity as a Service Powered by NetIQ Provider Administration Guide
    Provides step-by-step guidance for the many tasks a provider performs for tenants. The guide also contains information on how to manage and maintain your Services Director.

Identity as a Service Powered by NetIQ Tenant Administration Guide
    Provides step-by-step guidance for the tasks a tenant performs.

Identity as a Service Powered by NetIQ IdentityAccess Service Installation Guide
    Provides detailed installation information for the IdentityAccess Service appliance.

Identity as a Service Powered by NetIQ IdentityAccess Service Configuration and Administration Guide
    Provides detailed configuration and administration information for the IdentityAccess Service appliance.

Identity as a Service Powered by NetIQ IdentityAccess Service Connectors Guide
    Provides configuration and management information about the connectors used with the IdentityAccess Service appliance.

Identity as a Service Powered by NetIQ IdentityAccess Service Mobile Users QuickStart
    Contains basic steps for users to configure and use the MobileAccess service that is part of the IdentityAccess Service.

Identity as a Service Powered by NetIQ Account Management Service Installation and Administration Guide
    Provides detailed installation and configuration information for the Account Management Service appliance.

Identity as a Service Powered by NetIQ Technical References
    Provide more detailed information about different features of the Identity as a Service Powered by NetIQ solution.

Help
    Provides context-sensitive information and step-by-step guidance for common tasks.

About NetIQ Corporation

We are a global, enterprise software company, with a focus on the three persistent challenges in your environment: Change, complexity and risk, and how we can help you control them.

Our Viewpoint

Adapting to change and managing complexity and risk are nothing new
    In fact, of all the challenges you face, these are perhaps the most prominent variables that deny you the control you need to securely measure, monitor, and manage your physical, virtual, and cloud computing environments.

Enabling critical business services, better and faster
    We believe that providing as much control as possible to IT organizations is the only way to enable timelier and cost effective delivery of services. Persistent pressures like change and complexity will only continue to increase as organizations continue to change and the technologies needed to manage them become inherently more complex.

Our Philosophy

Selling intelligent solutions, not just software
    In order to provide reliable control, we first make sure we understand the real-world scenarios in which IT organizations like yours operate day in and day out. That's the only way we can develop practical, intelligent IT solutions that successfully yield proven, measurable results. And that's so much more rewarding than simply selling software.

Driving your success is our passion
    We place your success at the heart of how we do business. From product inception to deployment, we understand that you need IT solutions that work well and integrate seamlessly with your existing investments; you need ongoing support and training post-deployment; and you need someone that is truly easy to work with for a change. Ultimately, when you succeed, we all succeed.

Our Solutions

    Identity & Access Governance
    Access Management
    Security Management
    Systems & Application Management
    Workload Management
    Service Management

Contacting Sales Support

For questions about products, pricing, and capabilities, contact your local partner. If you cannot contact your partner, contact our Sales Support team.

    Worldwide: www.netiq.com/about_netiq/officelocations.asp
    United States and Canada: 1-888-323-6768
    Email: info@netiq.com
    Website: www.netiq.com

Contacting Technical Support

For specific product issues, contact our Technical Support team.

    Worldwide: www.netiq.com/support/contactinfo.asp
    North and South America: 1-713-418-5555
    Europe, Middle East, and Africa: +353 (0) 91-782 677
    Email: support@netiq.com
    Website: www.netiq.com/support

Contacting Documentation Support

Our goal is to provide documentation that meets your needs. The documentation for this product is available on the NetIQ website in HTML and PDF formats on a page that does not require you to log in. If you have suggestions for documentation improvements, click comment on this topic at the bottom of any page in the HTML version of the documentation posted at www.netiq.com/documentation. You can also email Documentation-Feedback@netiq.com. We value your input and look forward to hearing from you.

Contacting the Online User Community

NetIQ Communities, the NetIQ online community, is a collaborative network connecting you to your peers and NetIQ experts. By providing more immediate information, useful links to helpful resources, and access to NetIQ experts, NetIQ Communities helps ensure you are mastering the knowledge you need to realize the full potential of IT investments upon which you rely. For more information, visit http://community.netiq.com.

1 Installing the Privileged Account Manager Service

You can host Privileged Account Manager through the Services Director for your tenants. This gives you the ability to help your tenants control the administrative accounts. For more information, see NetIQ Privileged Account Manager Service Architecture in the Identity as a Service Powered by NetIQ Solution Overview Guide.

Providing the Privileged Account Manager Service to your tenants requires that you install the Privileged Account Manager components, either on VM images or standalone computers. This allows you to manage this service for your tenants through the provider console.

There are multiple components to Privileged Account Manager Service. You must perform the steps in the order listed. Before starting the installation, verify that you have met all of the requirements and gathered all of the required information for the installation.

1.1 Requirements

Gather all of the following requirements for Privileged Account Manager Service before starting the installation.

NetIQ Services Director 2.3 or above
    The NetIQ Services Director installed and configured.

SUSE Linux Enterprise Server 11 SP3 64-bit for the manager for Privileged Account Manager
    Install the following packages on this VM image or standalone computer:
        tomcat6
        unzip
        ntp
        gettext-runtime
        sudo
        xmlstarlet
            NOTE: This package is in the SUSE Linux Enterprise Server 11 SP3 SDK, not on the regular media.
        java-1.7.0-ibm
        Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files for java-1.7.0-ibm
            NOTE: This package is not available from NetIQ. You must download it from IBM and it requires account registration and verification of your country.

Additional Files
    Gather the following files to use during the installation:
        ncss-service-pammanager.tgz
        From the NetIQ PAM-3.x.x DVD:
            netiq-npam-manager-3.x.x-linux-2.6-x86_64.rpm
            netiq-npum-agent-3.x.x-linux-2.6-x86_64.rpm
            netiq_pam_agent_3.x.x_x64.msi

1.2 Installing the Manager for Privileged Account Manager

Complete the following steps to install the manager for Privileged Account Manager as a service.

NOTE: For proper functioning of the Services Director and the manager for Privileged Account Manager, DNS name resolution is required in both directions between these two servers.

To install the manager:

1 Deploy SUSE Linux Enterprise Server 11 SP3 64-bit.

2 Install the following packages on this SUSE Linux Enterprise Server:
        tomcat6
        unzip
        ntp
        gettext-runtime
        sudo
        xmlstarlet
        java-1.7.0-ibm
        Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files for java-1.7.0-ibm

3 Copy the following installation files to the server:
        ncss-service-pammanager.tgz
        netiq-npam-manager-3.x.x-linux-x.x-x86_64.rpm

4 Install the manager for Privileged Account Manager.

    rpm -i netiq-npam-manager-3.x.x-linux-x.x-x86_64.rpm

5 Unarchive ncss-service-pammanager.tgz.

    tar xvf ncss-service-pammanager.tgz

6 Install the three rpm files from the archive.

    rpm -i activemq-x.x.x-x.x.x86_64.rpm cssevents-x.x.x-x.x.noarch.rpm ncssservice-pammanager-x.x.x-xx.noarch.rpm

7 Navigate to the installation directory.

    cd /usr/share/ncss

8 Run the Privileged Account Manager service script with the -d -u parameters.

    ./install.sh -d Services_Director_DNS -u tenant_admin_name

9 Verify the installation as follows:
    9a Ensure that no errors appear on the installation screen.
    9b Log in to the provider console as a Super Admin user.
        https://services_director_dns_name/css/provider
    9c Click Tenants, then click the tenant where you installed the manager.
    9d In the Security Services panel, expand the Privileged Account Manager Service and verify that the state is Operational.

1.3 Installing an Agent for Privileged Account Manager

There is a Privileged Account Manager Linux agent and a Privileged Account Manager Windows agent. Use the following information to install the agent for your operating system.

To install the agent:

1 Deploy the Linux or Windows server.
    For supported versions of the operating systems, see the NetIQ Privileged User Manager Installation Guide (https://www.netiq.com/documentation/privilegedusermanager23/npum_install/data/bjf3sug.html).

2 Copy the Privileged Account Manager agent to the server.

3 Install the agent:
    Linux: rpm -i netiq-npum-agent-3.x.x-linux-xxx.rpm
    Windows: Run the netiq_pam_agent_3.x.x_x64.msi file.

4 Register the agent with the Services Director:
    Linux: /opt/netiq/npum/sbin/unifi regclnt ncssregister
    Windows: ...\npum\bin\unifi.exe regclnt ncssregister

5 Verify the installation as follows:
    5a Log in to the provider console as a Super Admin user.
        https://services_director_dns_name/css/provider
    5b Click Tenants, then click the tenant where you installed the agent.
    5c In the Security Services panel, expand the Privileged Account Manager Service and verify that the agent state is Updated.

1.4 Uninstalling an Agent

You can uninstall an agent from the Privileged Account Manager Service.

To uninstall the agent:

1 On the server where the agent is installed, run the following command:
    Linux: /opt/netiq/npum/sbin/unifi regclnt ncssregister -x
    Windows: ...\npum\bin\unifi.exe regclnt ncssregister -x

    Running the above command should remove the agent from the agent server, the manager console for Privileged Account Manager, and the tenant console.

    If the agent server no longer exists, or if the unregister fails for any reason, you can perform the steps to delete it from the tenant console.

2 Log in to the provider console as a Super Admin user.
    https://services_director_dns_name/css/provider

3 Click Tenants, then click the appropriate tenant.

4 In the Security Services panel, expand the Privileged Account Manager Service.

5 Next to the agent, click Delete.
    The Services Director sends a message to the manager for Privileged Account Manager and removes the agent from the list of hosts, so you have to delete the agent from only one place.
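
As an added example (not part of the NetIQ guide or its software), the following script checks the package list from section 1.1 and the name-resolution requirement noted in section 1.2 on a host before the manager RPMs are installed. The function names, the overridable PKG_QUERY and RESOLVE variables and the sample host name are assumptions made for this example; run it on each of the two servers with the other server's DNS name to cover both directions.

```shell
#!/bin/sh
# Added pre-flight check for sections 1.1 and 1.2; not NetIQ code.
# Package names are copied from the guide's list. The JCE policy files are
# not an RPM, so they are not covered here and must be checked by hand.
REQUIRED_PKGS="tomcat6 unzip ntp gettext-runtime sudo xmlstarlet java-1.7.0-ibm"

# Both commands can be overridden, so the logic can be tried without rpm or DNS.
# Note: getent consults /etc/hosts as well as DNS.
PKG_QUERY="${PKG_QUERY:-rpm -q}"
RESOLVE="${RESOLVE:-getent hosts}"

# Print the required packages that are not installed, space separated.
missing_packages() {
    missing=""
    for pkg in $REQUIRED_PKGS; do
        if ! $PKG_QUERY "$pkg" >/dev/null 2>&1; then
            missing="${missing:+$missing }$pkg"
        fi
    done
    printf '%s' "$missing"
}

# Print the first address the peer name resolves to.
# Returns 2 for a malformed name, 1 when the name does not resolve.
resolve_peer() {
    case "$1" in
        ''|*[!A-Za-z0-9.-]*) return 2 ;;   # accept plain DNS names only
    esac
    out=$($RESOLVE "$1" 2>/dev/null) || return 1
    set -- $out                            # first field is the address
    [ -n "$1" ] && printf '%s\n' "$1"
}

# Report every failed check and return non-zero if any check failed.
preflight() {
    peer="$1"; rc=0
    missing=$(missing_packages)
    if [ -n "$missing" ]; then
        echo "FAIL packages not installed: $missing"; rc=1
    fi
    if addr=$(resolve_peer "$peer"); then
        echo "OK   $peer resolves to $addr"
    else
        echo "FAIL $peer does not resolve from this host"; rc=1
    fi
    return $rc
}

# Run only when a peer name is given, for example (constructed host name):
#   sh preflight.sh services-director.example.test
if [ "$#" -gt 0 ]; then preflight "$1"; fi
```
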