Anonymous_User Absent Member.
Absent Member.
1147 views

Recommended Tomcat for SSPR


Hi All,

We are looking forward to implement SSPR in our OES11sp2 environment.
Purchased about 1000 licenses for SSPR. Need to understand which is the
recommended version of Tomcat required to be installed for SSPR. Can the
tomcat6 and IBM Java 6 which comes with Sles11 DVD be used for
implementing on live environment??
Or do we need to install latest version of tomcat 7/8 or apachetomcat to
deploy SSPR. ??

Also, please let me know if there is any step by step installation
guide for SSPR. I have gone thru the admin guide but somewhere it
confuses with installation steps and prerequisites and Database. Do we
need to install database separately ??



Any help will be highly appreciated.


--
squadri
------------------------------------------------------------------------
squadri's Profile: https://forums.netiq.com/member.php?userid=8474
View this thread: https://forums.netiq.com/showthread.php?t=52358

0 Likes
10 Replies
Anonymous_User Absent Member.
Absent Member.

Re: Recommended Tomcat for SSPR



On 12/03/2014 11:57 PM, squadri wrote:
>
> Hi All,
>
> We are looking forward to implement SSPR in our OES11sp2 environment.
> Purchased about 1000 licenses for SSPR. Need to understand which is the
> recommended version of Tomcat required to be installed for SSPR. Can the
> tomcat6 and IBM Java 6 which comes with Sles11 DVD be used for
> implementing on live environment??
> Or do we need to install latest version of tomcat 7/8 or apachetomcat to
> deploy SSPR. ??


I think the docs are pretty clear on this (assuming you find them, which
may be a challenge); are you on a different page than this one?

https://www.netiq.com/documentation/sspr3/adminguide/data/b14gnc8o.html

> Also, please let me know if there is any step by step installation
> guide for SSPR. I have gone thru the admin guide but somewhere it
> confuses with installation steps and prerequisites and Database. Do we
> need to install database separately ??


Step-by-step instructions are on a page following the link above. No, you
do not need a separate database, and for just 1,000 users I would not
bother with that at this point unless you plan to grow a lot or you have
serious performance issues with the default setup and happen to have an
Oracle server available that is very high-performing.

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Recommended Tomcat for SSPR


Thanks for your reply. I have been reading thru the same documentation
you referred to. What confused me is that when I went thru this link in
guide (supported Application Servers)

http://tinyurl.com/ksgjs3k

" Supported Application Servers
Java JDK 1.7 or later

Apache Tomcat 6 or 7. Other Java Application Servers are not
supported."

Since, I have installed Tomcat6 from Sles11 DVD, which installs ibm
java6 , It forced me to think if I need to install Java JDK 1.7
separately for deploying SSPR. If so, what settings I will need to do to
force the application to use Java JDK 1.7 after installing tomcat6.

I would highly appreciate if you help me in understanding this more..


--
squadri
------------------------------------------------------------------------
squadri's Profile: https://forums.netiq.com/member.php?userid=8474
View this thread: https://forums.netiq.com/showthread.php?t=52358

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Recommended Tomcat for SSPR

On 12/06/2014 04:22 AM, squadri wrote:
>
> Thanks for your reply. I have been reading thru the same documentation
> you referred to. What confused me is that when I went thru this link in
> guide (supported Application Servers)
>
> http://tinyurl.com/ksgjs3k
>
> " Supported Application Servers
> Java JDK 1.7 or later
>
> Apache Tomcat 6 or 7. Other Java Application Servers are not
> supported."
>
> Since, I have installed Tomcat6 from Sles11 DVD, which installs ibm
> java6 , It forced me to think if I need to install Java JDK 1.7
> separately for deploying SSPR. If so, what settings I will need to do to
> force the application to use Java JDK 1.7 after installing tomcat6.
>
> I would highly appreciate if you help me in understanding this more..
>
>

Greetings,
In your setenv.sh file (which you need to create and is outlined in
the Tomcat documentation as a best practice) you will specify the java
to use.

--

Sincerely,
Steven Williams
Lead Software Engineer
NetIQ
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Recommended Tomcat for SSPR


Steven Williams;251874 Wrote:
> On 12/06/2014 04:22 AM, squadri wrote:
> >
> > Thanks for your reply. I have been reading thru the same

> documentation
> > you referred to. What confused me is that when I went thru this link

> in
> > guide (supported Application Servers)
> >
> > http://tinyurl.com/ksgjs3k
> >
> > " Supported Application Servers
> > Java JDK 1.7 or later
> >
> > Apache Tomcat 6 or 7. Other Java Application Servers are not
> > supported."
> >
> > Since, I have installed Tomcat6 from Sles11 DVD, which installs ibm
> > java6 , It forced me to think if I need to install Java JDK 1.7
> > separately for deploying SSPR. If so, what settings I will need to do

> to
> > force the application to use Java JDK 1.7 after installing tomcat6.
> >
> > I would highly appreciate if you help me in understanding this more..
> >
> >

> Greetings,
> In your setenv.sh file (which you need to create and is outlined in
> the Tomcat documentation as a best practice) you will specify the java
> to use.
>
> --
>
> Sincerely,
> Steven Williams
> Lead Software Engineer
> NetIQ


In which location do I need to create this setenv.sh file?? Is it not
enough to edit the tomcat6.conf file as mentioned in "ab" solution.
Please clarify my confusion. thanks


--
squadri
------------------------------------------------------------------------
squadri's Profile: https://forums.netiq.com/member.php?userid=8474
View this thread: https://forums.netiq.com/showthread.php?t=52358

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Recommended Tomcat for SSPR

On 12/06/2014 02:22 AM, squadri wrote:
>
> Thanks for your reply. I have been reading thru the same documentation
> you referred to. What confused me is that when I went thru this link in
> guide (supported Application Servers)
>
> http://tinyurl.com/ksgjs3k
>
> " Supported Application Servers
> Java JDK 1.7 or later
>
> Apache Tomcat 6 or 7. Other Java Application Servers are not
> supported."
>
> Since, I have installed Tomcat6 from Sles11 DVD, which installs ibm
> java6 , It forced me to think if I need to install Java JDK 1.7
> separately for deploying SSPR. If so, what settings I will need to do to
> force the application to use Java JDK 1.7 after installing tomcat6.


SLES 11 ships with Tomcat, yes, and by default it also ships and installs
IBM Java, which is used by that install of Tomcat. The way around this is
to install a 1.7 JDK (download the Sun/Oracle version from Oracle and
install its RPMs as root, or however you feel best about doing this; not
the path where it is located after being extracted/installed) and then
modify the /etc/tomcat6/tomcat6.conf file to refer to this location:


# Where your java installation lives
JAVA_HOME="/etc/alternatives/jre"


When you restart your system's Apache Tomcat service it should
automatically use the JDK located in this directory, which you can easily
verify using the ps commmand:


ps aux | grep java


Whether you install the JDK as 'root' (using an RPM) or as the tomcat user
or some other non-root user does not really matter, as long as the system
can find it from the path specified above.

OES is built on top of SLES, so I believe the steps are identical, but
without a system to verify that I'll hope that everything is the same. If
you do change to a Sun-based JDK from the IBM-based JRE and you are
already using Tomcat for something like iManager on OES be sure to do some
testing to ensure things still work there. iManager should work with both
versions, but the OES folks may assume things are one way or another. If
you have an OES box that does not already using the built-in Tomcat (for
iManager) then that would probably be a better option if you have issues
with one that already has iManager.

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Recommended Tomcat for SSPR


Thanks guys for your reply. Regarding deploying SSPR on Oes server, I
paused at the following link :

http://tinyurl.com/q8z958s

and thereby decided to Deploy SSPR on a SLES11sp3 only machine instead
of OES11sp2. Just to play safe inorder not to mess with
iManager(novell-tomcat). However, my deeper concern is as the above link
says, the tomcat6 that is shipped with sles11 is open source!!!!. I am
now more concerned about security as this will be hooked to internet.


--
squadri
------------------------------------------------------------------------
squadri's Profile: https://forums.netiq.com/member.php?userid=8474
View this thread: https://forums.netiq.com/showthread.php?t=52358

0 Likes
Knowledge Partner
Knowledge Partner

Re: Recommended Tomcat for SSPR

squadri wrote:

> Thanks guys for your reply. Regarding deploying SSPR on Oes server, I
> paused at the following link :
>
> http://tinyurl.com/q8z958s
>
> and thereby decided to Deploy SSPR on a SLES11sp3 only machine instead
> of OES11sp2. Just to play safe inorder not to mess with
> iManager(novell-tomcat). However, my deeper concern is as the above link
> says, the tomcat6 that is shipped with sles11 is open source!!!!. I am
> now more concerned about security as this will be hooked to internet.


Seems like you misunderstood a few points in the mentioned URL:

"Novell-tomcat Is for OES Use Only

The novell-tomcat package is installed and configured for OES service use only.
It is an integral, embedded part of Novell OES services, not a generic
application platform.

The novell-tomcat package, and its associated configuration file and JRE
(novell-tomcat.conf and IBM 1.6.0 Java), must not be manually modified,
updated, or changed in any way. Otherwise, OES services and tools, such as
iManager, do not work as expected.

If you want to deploy a Tomcat-dependant Web application on an OES server, use
the open source Tomcat package that comes with SLES 11. Installing and
configuring the open source Tomcat package will not affect the novell-tomcat
package."

"novell-tomcat" is copy of tomcat that comes with the OES-Addon to SLES.
There's also a "tomcat6" package that comes with SLES (wether running OES on
top of SLES or not). So when you run OES, you have two default tomcat instances
to play with: "novell-tomcat" and "tomcat6" which are independent of each
other. You do not need to run a SLES-only box to be able to use "tomcat6" and
customize it's java version (but you can, of course). You can also download and
install any number of additional tomcat and accompanying java instances on
either SLES or OES e.g. if you want to run tomcat7 or 8 on your OES box.

I do not understand what you wanted say about open source and security
concerns. Do you mean opensource=insecure?Both "novell-tomcat" and "tomcat6"
packages are just preconfigured versions of the open-source software available
at http://tomcat.apache.org/...
______________________________________________
https://www.is4it.de/identity-access-management
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Recommended Tomcat for SSPR


lhaeger;251881 Wrote:
> squadri wrote:
>
> > Thanks guys for your reply. Regarding deploying SSPR on Oes server, I
> > paused at the following link :
> >
> > http://tinyurl.com/q8z958s
> >
> > and thereby decided to Deploy SSPR on a SLES11sp3 only machine

> instead
> > of OES11sp2. Just to play safe inorder not to mess with
> > iManager(novell-tomcat). However, my deeper concern is as the above

> link
> > says, the tomcat6 that is shipped with sles11 is open source!!!!. I

> am
> > now more concerned about security as this will be hooked to internet.

>
> Seems like you misunderstood a few points in the mentioned URL:
>
> "Novell-tomcat Is for OES Use Only
>
> The novell-tomcat package is installed and configured for OES service
> use only.
> It is an integral, embedded part of Novell OES services, not a generic
> application platform.
>
> The novell-tomcat package, and its associated configuration file and
> JRE
> (novell-tomcat.conf and IBM 1.6.0 Java), must not be manually modified,
> updated, or changed in any way. Otherwise, OES services and tools, such
> as
> iManager, do not work as expected.
>
> If you want to deploy a Tomcat-dependant Web application on an OES
> server, use
> the open source Tomcat package that comes with SLES 11. Installing and
> configuring the open source Tomcat package will not affect the
> novell-tomcat
> package."
>
> "novell-tomcat" is copy of tomcat that comes with the OES-Addon to
> SLES.
> There's also a "tomcat6" package that comes with SLES (wether running
> OES on
> top of SLES or not). So when you run OES, you have two default tomcat
> instances
> to play with: "novell-tomcat" and "tomcat6" which are independent of
> each
> other. You do not need to run a SLES-only box to be able to use
> "tomcat6" and
> customize it's java version (but you can, of course). You can also
> download and
> install any number of additional tomcat and accompanying java instances
> on
> either SLES or OES e.g. if you want to run tomcat7 or 8 on your OES
> box.
>
> I do not understand what you wanted say about open source and security
> concerns. Do you mean opensource=insecure?Both "novell-tomcat" and
> "tomcat6"
> packages are just preconfigured versions of the open-source software
> available
> at http://tomcat.apache.org/...


Should I assume that issues related with tomcat6 installed using
Sles11sp3 DVD are actually supported by Novell or NetIQ for instance!!


--
squadri
------------------------------------------------------------------------
squadri's Profile: https://forums.netiq.com/member.php?userid=8474
View this thread: https://forums.netiq.com/showthread.php?t=52358

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Recommended Tomcat for SSPR


lhaeger;251881 Wrote:
> squadri wrote:
>
> > Thanks guys for your reply. Regarding deploying SSPR on Oes server, I
> > paused at the following link :
> >
> > http://tinyurl.com/q8z958s
> >
> > and thereby decided to Deploy SSPR on a SLES11sp3 only machine

> instead
> > of OES11sp2. Just to play safe inorder not to mess with
> > iManager(novell-tomcat). However, my deeper concern is as the above

> link
> > says, the tomcat6 that is shipped with sles11 is open source!!!!. I

> am
> > now more concerned about security as this will be hooked to internet.

>
> Seems like you misunderstood a few points in the mentioned URL:
>
> "Novell-tomcat Is for OES Use Only
>
> The novell-tomcat package is installed and configured for OES service
> use only.
> It is an integral, embedded part of Novell OES services, not a generic
> application platform.
>
> The novell-tomcat package, and its associated configuration file and
> JRE
> (novell-tomcat.conf and IBM 1.6.0 Java), must not be manually modified,
> updated, or changed in any way. Otherwise, OES services and tools, such
> as
> iManager, do not work as expected.
>
> If you want to deploy a Tomcat-dependant Web application on an OES
> server, use
> the open source Tomcat package that comes with SLES 11. Installing and
> configuring the open source Tomcat package will not affect the
> novell-tomcat
> package."
>
> "novell-tomcat" is copy of tomcat that comes with the OES-Addon to
> SLES.
> There's also a "tomcat6" package that comes with SLES (wether running
> OES on
> top of SLES or not). So when you run OES, you have two default tomcat
> instances
> to play with: "novell-tomcat" and "tomcat6" which are independent of
> each
> other. You do not need to run a SLES-only box to be able to use
> "tomcat6" and
> customize it's java version (but you can, of course). You can also
> download and
> install any number of additional tomcat and accompanying java instances
> on
> either SLES or OES e.g. if you want to run tomcat7 or 8 on your OES
> box.
>
> I do not understand what you wanted say about open source and security
> concerns. Do you mean opensource=insecure?Both "novell-tomcat" and
> "tomcat6"
> packages are just preconfigured versions of the open-source software
> available
> at http://tomcat.apache.org/...


Its correct that they are preconfigured versions of open-source software
as you said, but it doesn't go well with my organization using
open-source and you may call us over-cautious in this regard when it
comes to security. Can anyone suggest us a best way to secure our
tomcat6 in the best possible manner. Any help will be highly
appreciated.


--
squadri
------------------------------------------------------------------------
squadri's Profile: https://forums.netiq.com/member.php?userid=8474
View this thread: https://forums.netiq.com/showthread.php?t=52358

0 Likes
Knowledge Partner
Knowledge Partner

Re: Recommended Tomcat for SSPR

squadri wrote:

> Its correct that they are preconfigured versions of open-source software
> as you said, but it doesn't go well with my organization using
> open-source and you may call us over-cautious in this regard when it
> comes to security.


Then you probably should not use SSPR at all, as it is open source as well. As
is SLES, btw..

> Can anyone suggest us a best way to secure our
> tomcat6 in the best possible manner. Any help will be highly
> appreciated.


I would start with https://www.google.de/search?q=harden+tomcat+best+practice
and consider fronting SSPR with NAM. SSPR also has a couple of additional
security features by itself, see
https://www.netiq.com/documentation/sspr3/adminguide/data/b14kmwgz.html and
https://www.netiq.com/documentation/sspr3/adminguide/data/b19te4i7.html for
more details.
______________________________________________
https://www.is4it.de/identity-access-management
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.