Privileged User Manager 2.3.3 setup and configuration with NetIQ Cloud Security Service Product


This is a step-by-step procedure to help customers and partners configure and set up NetIQ Privileged User Manager 2.3.3 with NetIQ Cloud Security Service.

NPUM Manager Setup


    1. Deploy SLES11 SP2

        1. Requires: tomcat6, unzip, ntp, gettext-runtime, sudo, java-1.7.0-ibm


    1. Copy setup files to VM

        1. managedcssvc.tgz

        1. netiq-npum-manager-2.3.3-linux-2.6-x86_64.rpm

        1. pummgr.war


    1. Install netiq-npum-manager

        1. rpm -i netiq-npum-manager-2.3.3-linux-2.6-x86_64.rpm


    1. Unarchive managedcssvc.tgz

        1. tar -xvf managedcssvc.tgz


    1. Install the three rpms from archive

        1. rpm -i managedcssvc-2.0.0-0.1.noarch.rpm activemq-5.5.1-3.1.x86_64.rpm cssevents-1.0.0-0.1.noarch.rpm


    1. Copy pummgr.war to /usr/share/ncss/repo

        1. cp pummgr.war /usr/share/ncss/repo/

NPUM Linux Agent Setup


    1. Deploy SLES11 SP2


    1. Copy NPUM Agent to VM


    1. Install Agent

        1. rpm -i netiq-npum-agent-2.3.3-linux-2.6-x86_64.rpm

NPUM Windows Agent Setup


    1. Deploy Windows VM


    1. Copy NPUM Agent to Windows VM


    1. Install Agent

      1. Run supplied MSI



    1. Install Director

        1. deploy and configure NCSS image

        1. cd /usr/share/ncss

        1. ./ -d

        1. Wait for the install to finish (to test, make sure you can log in to the provider console URL: https://<DIRECTOR_DNS>/css/Provider USER/PASSWORD: )


    1. Setup Catalog Scripts (requires curl, only tested on SuSE Linux)

        1. Unarchive catalog file

        1. cd to the ./scripts directory

        1. edit director.dns.dat with your director dns name

        1. cd ./scripts/catalog


    1. Import PUM Service Template

        1. ./postPUMServiceTemplate

        1. Examine output:

          <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
          <ncssCatalog xmlns="urn:novell:schema:ncss:catalog" version="v.1.0">
          <response code="CREATED">


    1. Create Tenant

        1. ./postTenantList -a -n tenantOne

        1. Save tenantId from response: <tenantId>ec0bb59c-e9a5-41d0-b665-896e77c3c32e</tenantId>


    1. Add PUM Manager To Tenant

        1. ./postTenantServiceComponentPUMManager -t <tenantId>

          example: ./postTenantServiceComponentPUMManager -t ec0bb59c-e9a5-41d0-b665-896e77c3c32e

        1. Save componentInstanceId from response: <componentInstanceId>aba07021-ea99-4ea8-ac1c-f3a1eb3d03cc</componentInstanceId>


    1. Get PUM Manager INI File

        1. ./getTenantServiceComponentIniFile -t <tenantId> -c <PUM Manager componentInstanceId>

          Example: ./getTenantServiceComponentIniFile -t ec0bb59c-e9a5-41d0-b665-896e77c3c32e -c aba07021-ea99-4ea8-ac1c-f3a1eb3d03cc

        1. Response is in getTenantServiceComponentIniFile.reply


    1. Copy PUM Manager INI file to PUM Manager VM

        1. scp getTenantServiceComponentIniFile.reply root@<PUMManager IP>:/root/


    1. Install PUM Manager

        1. cd /usr/share/ncss

        1. ./ -m <inifile>

          Example: ./ -m /root/getTenantServiceComponentIniFile.reply


    1. Add PUM Agent To Tenant

        1. ./postTenantServiceComponentPUMAgent -t <tenantId> -c <PUM Manager componentInstanceId>

          Example: ./postTenantServiceComponentPUMAgent -t ec0bb59c-e9a5-41d0-b665-896e77c3c32e -c aba07021-ea99-4ea8-ac1c-f3a1eb3d03cc

        1. Save componentInstanceId from response: <componentInstanceId>c62bcd09-36b2-448a-90ff-c7a485d1bf6c</componentInstanceId>


    1. Get PUM Agent INI File

        1. ./getTenantServiceComponentIniFile -t <tenantId> -c <PUM Agent componentInstanceId>

          Example: ./getTenantServiceComponentIniFile -t ec0bb59c-e9a5-41d0-b665-896e77c3c32e -c c62bcd09-36b2-448a-90ff-c7a485d1bf6c


    1. Copy PUM Agent INI file to PUM Agent VM

        1. scp getTenantServiceComponentIniFile.reply root@<PUMAgent IP>:/root/


    1. Install PUM Agent

        1. If Linux Agent:

          /opt/novell/npum/sbin/unifi regclnt ncssRegister <ini file>

          Example: /opt/novell/npum/sbin/unifi regclnt ncssRegister /root/getTenantServiceComponentIniFile.reply

        1. If Windows Agent:

          "c:\Program Files\Novell\npum\bin\unifi.exe" regclnt ncssRegister -f <ini file>

          Example: "c:\Program Files\Novell\npum\bin\unifi.exe" regclnt ncssRegister -f "c:\Users\Administrator\pum\getTenantServiceComponentIniFile.reply"
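
Added example (not part of the original procedure or of the NCSS catalog scripts): a shell helper for the "Examine output" and "Save ... from response" steps above. It checks a saved response for <response code="CREATED"> and returns a tenantId or componentInstanceId only when exactly one well-formed UUID is present, so a failed or truncated reply is not passed on to the next script. It assumes each script's XML response has been saved to a file; the function names and the layout of the sample response are constructed for illustration.

```shell
#!/bin/sh
# Added example; not from the NCSS catalog scripts.
# Assumption: the XML response of a catalog script was saved to a file.

# Succeed only if the response reports <response code="CREATED">.
check_created() {
    grep -q '<response code="CREATED">' "$1"
}

# Print the UUID inside <TAG>...</TAG> of FILE.
# Fail if the tag is missing, appears more than once, or is not a UUID.
extract_id() {
    tag=$1
    file=$2
    ids=$(grep -o "<$tag>[^<]*</$tag>" "$file" 2>/dev/null | sed 's/<[^>]*>//g')
    [ -n "$ids" ] || { echo "no <$tag> in $file" >&2; return 1; }
    [ "$(printf '%s\n' "$ids" | grep -c .)" -eq 1 ] ||
        { echo "more than one <$tag> in $file" >&2; return 1; }
    printf '%s\n' "$ids" |
        grep -Eqx '[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}' ||
        { echo "<$tag> is not a UUID: $ids" >&2; return 1; }
    printf '%s\n' "$ids"
}

# Demonstration on a constructed response. Only the elements shown on this
# page are real; their nesting here is an assumption.
demo() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ncssCatalog xmlns="urn:novell:schema:ncss:catalog" version="v.1.0">
<response code="CREATED">
<tenantId>ec0bb59c-e9a5-41d0-b665-896e77c3c32e</tenantId>
</response>
</ncssCatalog>
EOF
    rc=0
    if check_created "$f"; then
        extract_id tenantId "$f" || rc=1
    else
        rc=1
    fi
    rm -f "$f"
    return $rc
}
```

Call extract_id with tenantId or componentInstanceId and the saved response, and pass the printed value to the -t or -c option of the next script.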

Delete PUM Agent


    1. Remove the PUMAgent from the Windows or Linux workload.

        1. Linux:

          rpm -e netiq-npum-2.3.3-0

        1. Windows:

          "Control Panel:Add Remove Programs"


    1. From the NCSS Tenant Console, click the edit icon of the PUMAgent

        1. note the PUMAgent-Name/PUMAgent-Host values


    1. From NCSS Tenant Console launch the PUM administrative console


    1. From the PUM administrative console click on hosts


    1. Select the Host whose name/host was noted earlier


    1. In the left navigation panel click on "Delete Host"


    1. From the NCSS Tenant Console click on the delete icon.

PUM Manager SSO


    1. Login to NCSS Customer Console


    1. Select “PUM Service” from Security Services Panel


    1. Click on “<Launch administrative console>” from Services Panel


    1. Ensure the PUM Manager UI launches without having to log in (you might need to enable popups in your browser)

