Privileged User Manager 2.3.3 setup and configuration with NetIQ Cloud Security Service Product


This is a step-by-step procedure to help customers and partners configure and set up NetIQ Privileged User Manager 2.3.3 with NetIQ Cloud Security Service.


NPUM Manager Setup


---------------------------------------

    1. Deploy SLES11 SP2

        1. Requires: tomcat6, unzip, ntp, gettext-runtime, sudo, java-1.7.0-ibm


 

    1. Copy setup files to VM

        1. managedcssvc.tgz

        1. netiq-npum-manager-2.3.3-linux-2.6-x86_64.rpm

        1. pummgr.war


 

    1. Install netiq-npum-manager

        1. rpm -i netiq-npum-manager-2.3.3-linux-2.6-x86_64.rpm


 

    1. Unarchive managedcssvc.tgz

        1. tar -xvf managedcssvc.tgz


 

    1. Install the three rpms from archive

        1. rpm -i managedcssvc-2.0.0-0.1.noarch.rpm activemq-5.5.1-3.1.x86_64.rpm cssevents-1.0.0-0.1.noarch.rpm


 

    1. Copy pummgr.war to /usr/share/ncss/repo

        1. cp pummgr.war /usr/share/ncss/repo/






NPUM Linux Agent Setup


----------------------------------------


    1. Deploy SLES11 SP2

 

    1. Copy NPUM Agent to VM

 

    1. Install Agent

        1. rpm -i netiq-npum-agent-2.3.3-linux-2.6-x86_64.rpm







NPUM Windows Agent Setup


----------------------------------------------

    1. Deploy Windows VM

 

    1. Copy NPUM Agent to Windows VM

 

    1. Install Agent



      1. Run supplied MSI






NCSS NPUM Setup


--------------------------

    1. Install Director

        1. deploy and configure NCSS image

        1. cd /usr/share/ncss

        1. ./install.sh -d

        1. wait for the install to finish (to test, make sure you can log in to the provider console. URL: https://<DIRECTOR_DNS>/css/Provider USER/PASSWORD: superadmin@ncssadmin.com/superadmin)


 

    1. Setup Catalog Scripts (requires curl, only tested on SuSE Linux)

        1. Unarchive catalog file

        1. cd to the ./scripts directory

        1. edit director.dns.dat with your director dns name

        1. cd ./scripts/catalog


 

    1. Import PUM Service Template

        1. ./postPUMServiceTemplate

        1. Examine output:

          <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
          <ncssCatalog xmlns="urn:novell:schema:ncss:catalog" version="v.1.0">
          <response code="CREATED">
          <serviceTemplateId>50554d95-995d-4b4c-892e-6123bf537663</serviceTemplateId>
          </response>
          </ncssCatalog>


 

    1. Create Tenant

        1. ./postTenantList -a admin-mail@tenantOne.com -n tenantOne

        1. Save tenantId from response: <tenantId>ec0bb59c-e9a5-41d0-b665-896e77c3c32e</tenantId>


 

    1. Add PUM Manager To Tenant

        1. ./postTenantServiceComponentPUMManager -t <tenantId>

          Example: ./postTenantServiceComponentPUMManager -t ec0bb59c-e9a5-41d0-b665-896e77c3c32e

        1. Save componentInstanceId from response: <componentInstanceId>aba07021-ea99-4ea8-ac1c-f3a1eb3d03cc</componentInstanceId>


 

    1. Get PUM Manager INI File

        1. ./getTenantServiceComponentIniFile -t <tenantId> -c <PUM Manager componentInstanceId>

          Example: ./getTenantServiceComponentIniFile -t ec0bb59c-e9a5-41d0-b665-896e77c3c32e -c aba07021-ea99-4ea8-ac1c-f3a1eb3d03cc

        1. Response is in getTenantServiceComponentIniFile.reply


 

    1. Copy PUM Manager INI file to PUM Manager VM

        1. scp getTenantServiceComponentIniFile.reply root@<PUMManager IP>:/root/


 

    1. Install PUM Manager

        1. cd /usr/share/ncss

        1. ./install.sh -m <inifile>

          Example: ./install.sh -m /root/getTenantServiceComponentIniFile.reply


 

    1. Add PUM Agent To Tenant

        1. ./postTenantServiceComponentPUMAgent -t <tenantId> -c <PUM Manager componentInstanceId>

          Example: ./postTenantServiceComponentPUMAgent -t ec0bb59c-e9a5-41d0-b665-896e77c3c32e -c aba07021-ea99-4ea8-ac1c-f3a1eb3d03cc

        1. Save componentInstanceId from response: <componentInstanceId>c62bcd09-36b2-448a-90ff-c7a485d1bf6c</componentInstanceId>


 

    1. Get PUM Agent INI File

        1. ./getTenantServiceComponentIniFile -t <tenantId> -c <PUM Agent componentInstanceId>

          Example: ./getTenantServiceComponentIniFile -t ec0bb59c-e9a5-41d0-b665-896e77c3c32e -c c62bcd09-36b2-448a-90ff-c7a485d1bf6c


 

    1. Copy PUM Agent INI file to PUM Agent VM

        1. scp getTenantServiceComponentIniFile.reply root@<PUMAgent IP>:/root/


 

    1. Install PUM Agent

        1. If Linux Agent:

          /opt/novell/npum/sbin/unifi regclnt ncssRegister <ini file>

          Example: /opt/novell/npum/sbin/unifi regclnt ncssRegister /root/getTenantServiceComponentIniFile.reply

        1. If Windows Agent:

          "c:\Program Files\Novell\npum\bin\unifi.exe" regclnt ncssRegister -f <ini file>

          Example: "c:\Program Files\Novell\npum\bin\unifi.exe" regclnt ncssRegister -f "c:\Users\Administrator\pum\getTenantServiceComponentIniFile.reply"
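
The "Save tenantId / componentInstanceId from response" steps above can be scripted instead of copied by hand. The helper below is an added example, not part of the NCSS catalog scripts: extract_id and SAMPLE_REPLY are hypothetical names, the sample reply is constructed from the postPUMServiceTemplate output shown above, and it assumes the other post* scripts reply in the same envelope on stdout.

```shell
#!/bin/sh
# Added example: pull an ID out of a catalog-script reply and refuse to
# continue unless the reply reports CREATED and the ID is a well-formed UUID.

# Constructed sample reply, modelled on the postPUMServiceTemplate output.
# Assumption: postTenantList uses the same envelope with a <tenantId> element.
SAMPLE_REPLY='<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ncssCatalog xmlns="urn:novell:schema:ncss:catalog" version="v.1.0">
<response code="CREATED">
<tenantId>ec0bb59c-e9a5-41d0-b665-896e77c3c32e</tenantId>
</response>
</ncssCatalog>'

# extract_id ELEMENT   (reads the reply XML on stdin, prints the ID on stdout)
# Returns 1 if the response code is not CREATED,
#         2 if the element is missing or its value is not a UUID.
extract_id() {
    element=$1
    reply=$(cat)

    # CREATED is the only success code shown on the page.
    printf '%s\n' "$reply" | grep -q '<response code="CREATED">' || return 1

    # Take the text between <ELEMENT> and </ELEMENT>, first match only.
    id=$(printf '%s\n' "$reply" |
         sed -n "s:.*<${element}>\([^<]*\)</${element}>.*:\1:p" | head -n 1)

    # Strict UUID check so nothing unexpected is passed on as -t / -c.
    printf '%s\n' "$id" |
        grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$' || return 2

    printf '%s\n' "$id"
}

# Usage with the page's scripts (assumes they print the reply on stdout):
#   TENANT_ID=$(./postTenantList -a admin-mail@tenantOne.com -n tenantOne \
#               | extract_id tenantId) || exit
#   MGR_ID=$(./postTenantServiceComponentPUMManager -t "$TENANT_ID" \
#            | extract_id componentInstanceId) || exit
#   ./getTenantServiceComponentIniFile -t "$TENANT_ID" -c "$MGR_ID"
```
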






Delete PUM Agent


-------------------------

    1. Remove the PUMAgent from the Windows or Linux workload.

        1. Linux:

          rpm -e netiq-npum-2.3.3-0

        1. Windows:

          "Control Panel:Add Remove Programs"


 

    1. From NCSS Tenant Console click edit icon of the PUMAgent

        1. note the PUMAgent-Name/PUMAgent-Host values


 

    1. From NCSS Tenant Console launch the PUM administrative console

 

    1. From the PUM administrative console click on hosts

 

    1. Select the Host whose name/host was noted earlier

 

    1. In the left navigation panel click on "Delete Host"

 

    1. From the NCSS Tenant Console click on the delete icon.





PUM Manager SSO


-----------------------------

    1. Log in to NCSS Customer Console

 

    1. Select “PUM Service” from Security Services Panel

 

    1. Click on “<Launch administrative console>” from Services Panel

 

    1. Ensure the PUM Manager UI launches without having to log in (you might need to enable popups in your browser)



