Installing and Configuring Service Desk with eIAM on UNIX
eIAM (Embedded Identity and Access management) has now been certified for most UNIX platforms supported by Service Desk. This differs from Service Desk r11.2 in that r11.2 required that eIAM be installed on Windows, as a prerequisite for installing Service Desk on UNIX. This is no longer required.
However, it is still required that eIAM be installed and functional prior to running the initial Configuration of Service Desk. eIAM is NOT packaged with Service Desk for install on any UNIX platform, and configuration will expect it to exist or it will fail.
To install eIAM on a UNIX platform, you must first download the version of eIAM located at following FTP site:
There are 2 versions for each platform. The MDB version requires an Ingres MDB installed and running on the same machine as eIAM. The non-MDB version installs its own copy of Ingres 3.0 for use by eIAM only. Do not install the non-MDB version on a server with an existing Ingres EI installation.
You will need an installed Java JRE version 1.4 on the machine prior to running the install script.
2 userids must be created prior to running the install script. These userids are "dsa" (the eTrust directory owner) and "ingres", the Ingres database owner. The ingres user will already exist if the MDB is installed.
Select the eIAMServer for your platform. The file is an executable shell script. For a list of install options, run eIAMServer_8.1_xxxxxx_xxxx .sh -usage (where xxxxxx_xxxx is the version and platform of the downloaded executable).
Normally, no command-line parameters are ne cessary, however for ease of installation, we recommend that you invoke the installation with the following parameters:
-tempdir /directory/subdirectory Many UNIX systems will not have the required space in the default temporary directory /tmp, so use this parameter to point to an existing empty folder that has a minimum of 500MB free space. This is only used during installation .
-iisystem /opt/CA/IngresEI Set this parameter to specify the existing Ingres location if using the MDB version, or to install Ingres in a non-default location. The default location for the non-MDB Ingres is /opt/CA/IngresEI.
After launching the install script, follow each prompt.
To verify that eIAM is installed and operating, from a Web Browser invoke:
where "hostname" is the machine eIAM is installed on.
Log in using the eIAM credentials, and ensure you can view the user list by selecting "Manage Identities" and can search or create users. This verifies that eIAM is operational and a vailable for use to Service Desk.
The following describes how to configure Service Desk to use a UNIX version of eIAM.
- Service Desk and eIAM on different Machines
- This is the simplest method, and it does not matter what DBMS Service Desk runs on. eIAM must be installed first on the eIAM machine, and Service Desk installed on the Service Desk server. On Service Desk configuration, select the eIAM server name on the eIAM Configuration window. eIAM must continue to run on the eIAM server in order for CA-Workflow or any subsequent Configures of Service Desk to function.
- Service Desk and eIAM on the Same machine
- Because eIAM requires Ingres, either Ingres and the MDB must be installed first, or the non-MDB version of eIAM must be installed. Note that the non-MDB version of eIAM uses an Ingres that may be incompatible with Service Desk, so if Service Desk is to use Ingres as well you may have 2 copies of Ingres on the system. Care must be made to ensure the Ingres identifier is different on the 2 DBMSs.
- If Service Desk is using Oracle, the Ingres compatibility will not be a problem.
- Because Service Desk configuration on UNIX assumes a remote eIAM, choosing LOCAL is not available. However, the Local install of eIAM can be used by simply entering the local hostname in the remote eIAM server name field.
Note 1: While eIAM can run on all supported platforms, using eIAM for Authentication is still limited to Windows, Linux, and AIX platforms. To use eIAM Authentication with a Solaris or HPUX Primary Server, it is still necessary to install a Secondary server on Windows, AIX, or Linux and use pdm_edit to move User Validation (boplgin) to that Secondary server.
Note 2 (AIX only): It is still required to install the IBM SDK Policy Files in the JRE used by Service Desk (per the r11.2 Release Notes) in order for Workflow to function, regardless of where eIAM is installed.
Note 3: At the time of this writing eIAM is not supported on HPUX 11.23. It is supported on HPUX 11.11 only.