Novell Privileged User Manager 2.3 User guide

Installation Guide

Privileged User Manager 2.3.2

January, 2013

Legal Notice

NetIQCorporation(“NetIQ”)makesnorepresentationsorwarrantieswithrespecttothecontentsoruseofthis

documentation,andspecificallydisclaimsanyexpressorimpliedwarrantiesofmerchantabilityorfitnessforanyparticular

purpose.Further,NetIQreservestherighttorevisethispublicationandtomakechangestoitscontent,at

anytime,without

obligationtonotifyanypersonorentityofsuchrevisionsorchanges.

NetIQmakesnorepresentationsorwarrantieswithrespecttoanysoftware,andspecificallydisclaimsanyexpressorimplied

warrantiesofmerchantabilityorfitnessforanyparticularpurpose.Further,NetIQreservestherighttomakechangesto

any

andallpartsofthesoftware,atanytime,withoutanyobligationtonotifyanypersonorentityofsuchchanges.

AnyproductsortechnicalinformationprovidedunderthisAgreementmaybesubjecttoU.S.exportcontrolsandthetrade

lawsofothercountries.Youagreetocomplywithall

exportcontrolregulationsandtoobtainanyrequiredlicensesor

classificationtoexport,re‐export,orimportdeliverables.Youagreenottoexportorre‐exporttoentitiesonthecurrentU.S.

exportexclusionlistsortoanyembargoedorterroristcountriesasspecifiedintheU.S.exportlaws.You

agreetonotuse

deliverablesforprohibitednuclear,missile,orchemicalbiologicalweaponryenduses.NetIQassumesnoresponsibilityfor

yourfailuretoobtainanynecessaryexportapprovals.

Copyright©2013NetIQCorporation.Allrightsreserved.Nopartofthispublicationmaybereproduced,photocopied,stored

onaretrievalsystem,or

transmittedwithouttheexpresswrittenconsentofthepublisher.

Allthird‐partytrademarksarethepropertyoftheirrespectiveowners.

Formoreinformation,pleasecontactNetIQat:

1233 West Loop South, Houston, Texas 77027

U.S.A.

www.netiq.com

Contents 3

Contents

About This Guide 5

1 NetIQ Privileged User Manager Overview 7

1.1 Product Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7

1.2 Components. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7

1.3 What’s New in 2.3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

2 Installation Requirements 9

2.1 Software Prerequisites. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9

2.2 System Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9

2.3 Supported Platforms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10

2.4 Supported Browsers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11

2.5 Procedural Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11

3 Installing the Framework Manager 13

3.1 Installing a Framework Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

3.1.1 AIX Framework Manager Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13

3.1.2 HP-UX Framework Manager Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14

3.1.3 Linux Framework Manager Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15

3.1.4 SLES Framework Manager Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

3.1.5 Solaris Framework Manager Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17

3.1.6 Windows Framework Manager Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17

3.2 Accessing the Framework Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

3.3 Installing a NetIQ Privileged User Manager License . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18

3.4 Setting Up a Package Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19

3.5 Stopping and Restarting the Framework . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19

3.5.1 AIX. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

3.5.2 HP-UX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20

3.5.3 Linux . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20

3.5.4 Solaris . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20

3.5.5 Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .21

3.6 Removing the Framework Manager. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

3.6.1 AIX Manager Uninstall. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

3.6.2 HP-UX Manager Uninstall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .22

3.6.3 Linux Manager Uninstall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

3.6.4 SLES Framework Manager Uninstall. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

3.6.5 Solaris Manager Uninstall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

3.6.6 Windows Manager Uninstall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .23

4 Installing the Agents 25

4.1 Agent Installation Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25

4.2 Creating a Host Name for Each Agent. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25

4.3 Opening Firewall Ports. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26

4.4 Installing and Registering a Framework Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26

4.4.1 AIX Agent Install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26

4.4.2 HP-UX Agent Install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27

4 Contents

4.4.3 Linux Agent Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

4.4.4 SLES Agent Installation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29

4.4.5 Windows Agent Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29

4.4.6 Solaris Agent Install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30

4.4.7 Tru64 Agent Install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .31

4.5 Removing the Agent Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .32

4.5.1 AIX Agent Uninstall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .32

4.5.2 HP-UX Agent Uninstall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

4.5.3 Linux Agent Uninstall. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .33

4.5.4 SLES Agent Uninstall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

4.5.5 Solaris Agent Uninstall. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .33

4.5.6 Tru64 Agent Uninstall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34

4.5.7 Windows Agent Uninstall. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .34

5 Upgrading NetIQ Privileged User Manager 35

5.1 Upgrading from 2.2.x to 2.3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .35

5.2 Migrating from Generic Linux 2.2.x to 2.3 on SLES. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .36

5.2.1 Migrating Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .36

5.2.2 Migrating Framework Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .37

5.3 Upgrading from SLES 2.2.x to 2.3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .39

5.3.1 Upgrading Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .39

5.3.2 Upgrading Framework Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .39

About This Guide 5

About This Guide

ThisGettingStartedGuideexplainsthehardwarerequirementsforthePrivilegedUserManager

components,thenexplainshowtoinstallthecomponents.

 Chapter 1,“NetIQPrivilegedUserManagerOverview,”onpage 7

 Chapter 2,“InstallationRequirements,”onpage 9

 Chapter 3,“InstallingtheFrameworkManager,”onpage 13

 Chapter 4,“InstallingtheAgents,”onpage 25

 Chapter 5,“UpgradingNetIQ

PrivilegedUserManager,”onpage 35

Audience

ThisguideisintendedforuserswhoinstallandmanagethePrivilegedUserManagerproduct.

Feedback

Wewanttohearyourcommentsandsuggestionsaboutthismanualandtheotherdocumentation

includedwiththisproduct.PleaseusetheUserCommentsfeatureatthebottomofeachpageofthe

onlinedocumentation,orgotowww.novell.com/documentation/feedback.htmlandenteryour

commentsthere.

Documentation Updates

ForthemostrecentversionoftheGettingStartedGuide,visitthePrivilegedUserManagerWebSite

(http://www.novell.com/documentation/privilegedusermanager23).

Additional Documentation

PrivilegedUserManagerAdministrationGuide(http://www.novell.com/documentation/

privilegedusermanager23/npum_admin/data/bkyzr9y.html)

6 NetIQ Privileged User Manager 2.3.2 Installation Guide

NetIQ Privileged User Manager Overview 7

NetIQ Privileged User Manager Overview

NetIQPrivilegedUserManagerdeliversarobustandscalablearchitecture,intuitivemanagement

consoleandreusablescriptandcommandlibrariesthatenableadministratorstoreducemanagement

overheadandinfrastructurecostsinyourenvironment.

 Section 1.1,“ProductOverview,”onpage 7

 Section 1.2,“Components,”onpage 7

 Section 1.3,“What’sNewin2.3,”onpage 8

1.1 Product Overview

Certainsituationsopenpotentialbackdoorsintosystemsandincreasethelikelihoodofasecurity

breachinanenterprisenetwork.Forexample,whenrunningsomecommandsthatrequireelevated

privileges,userssometimesgetexposedtothesuperuserorrootaccountcredentials.Similarly,

passwordsareoftennotchangedwhenauseris

nomoreperformingtheadministrativerole.

NetIQPrivilegedUserManagerhelpsITadministratorsmanagetheidentityandaccessfor

superuserandrootaccountsbyprovidingcontrolledsuperuseraccesstoadministrators,allowing

themtoperformjobswithoutneedlesslyexposingrootaccountcredentials.Italsoprovidesa

centralizedactivitylogacrossmultiple

platforms.TheintroductionofNetIQPrivilegedUser

ManagerenrichestheNovellIdentityandAccessManagementandComplianceManagement

solutionsbyaddingauditingandtrackingcapabilitiesforprivilegeduseractivityacrossthe

organization.

NetIQPrivilegedUserManagerlimitscorporatesusceptibilitytounauthorizedtransactionsand

informationaccessbyhelpingorganizationsrapidlydeploysuperuser

managementandtracking

acrossallUNIXandLinuxenvironments.Itreducesmanagementoverheadandinfrastructurecosts,

controlsandrecordswhichprivilegedusershaveaccesstowhat,andreducescostsanderrors

throughdemonstrablecomplianceaudits.

NetIQPrivilegedUserManagerworksbydelegatingprivilegedaccess,whichisauthorizedviaa

centralizeddatabase.

Theendresultisthatauserisauthorizedtorunthepriv ilegedcommandand

allactivityislogged.Thecentralizeddatabaseprovidesforeasieradministration.Comparedto

competitivesolutionsinthemarketplace,NetIQPrivilegedUserManagerisdeployedmorequickly,

providesfasterresponsetime,betterloggingandauditingandimproved

administration,andleads

toamoresecuresystemandafastreturnoninvestment.

1.2 Components

PrivilegedUserManagerconsistsofaFrameworkManager,whereyoumanageandconfigurethe

system,andanagent,whichisinstalledoneachmachinewhereyouwanttomonitorandcontrol

superuseraccess.

8 NetIQ Privileged User Manager 2.3.2 Installation Guide

Figure 1-1 FrameworkManager

FromtheHomepage,youhaveaccesstosixadministrativeconsoles:

 ComplianceAuditor:Proactiveauditingtoolthatpullseventsfromtheeventlogsforanalysis,

accordingtopredefinedrules.Itpullsfilteredauditeventsathourly,daily,weeklyormonthly

intervals.Thisenablesauditorstoviewprefilteredsecuritytransactions,playback

recordingsof

useractivity,andrecordnotesforcompliancepurposes.Inaneraofincreasingregulatory

compliancerequirements,theabilitytosupplydemonstrableauditcomplianceatanytime

providesamoresecuresystemandreducesauditrisk.

 FrameworkUserManager:ManagesuserswhologintotheFrameworkManagerthrough

role‐

basedgrouping.

 Hosts:CentrallymanagesPrivilegedUserManagerinstallationandupdates,load‐balancing,

redundancyofresources,andhostalerts.

 Reporting:Provideseasyaccessandsearchcapabilityforeventlogsandallowsyoureviewand

color‐codeuserkeystrokeactivitythroughtheCommandRiskAnalysisEngine.

 CommandControl:Usesanintuitive

graphicalinterfacetomanagesecuritypoliciesfor

privilegemanagement.

 PackageManager:LetsyoueasilyupdateanyPrivilegedUserManagerapplication.

1.3 What’s New in 2.3

ForinformationaboutthenewfeaturesaddedinNetIQPrivilegedUserManager2.3seePrivileged

UserManager2.3Readme(http://www.novell.com/documentation/privilegedusermanager23/).

Installation Requirements 9

Installation Requirements

 Section 2.1,“SoftwarePrerequisites,”onpage 9

 Section 2.2,“SystemRequirements,”onpage 9

 Section 2.3,“SupportedPlatforms,”onpage 10

 Section 2.4,“SupportedBrowsers,”onpage 11

 Section 2.5,“ProceduralOverview,”onpage 11

2.1 Software Prerequisites

 NetIQPrivilegedUserManagerinstallationsoftware.LogintotheNovellCustomerCenter

(http://www.novell.com/center)andfollowthelinkthatallowsyoutodownloadthesoftware.

 AdobeFlashPlayer.

 NetIQPrivilegedUserManagerlicense.LogintotheNovellCustomerCenter(http://

www.novell.com/center)anddownloadthelicense.

NOTE:Bydefault,newinstallationsareprovidedwitha90‐daylicenseforfiveagents,oneof

whichisthemanager.

2.2 System Requirements

APUMagentshouldhavethefollowingsystemrequirements:

 CPU‐300MHz(RISC),1GHz(CISC)

 Memory‐50MBadditionalmemory

 HardDisk‐100MBadditionalmemory

APUMmanagershouldhavethefollowingsystemrequirements:

 CPU‐1GHz ormore(RISC),2GHzormore(CISC)

 Memory‐250MBadditional

memory

 HardDisk‐150MBadditionalmemoryandadditionalmemoryforAuditStorage

TIP:ApproximateadditionalmemorycalculationforAuditStorage=(250KB)X(numberofPUM

users)X(numberofsessionsperday(usually8sessions)).

10 NetIQ Privileged User Manager 2.3.2 Installation Guide

2.3 Supported Platforms

TheFrameworkManagersoftwarehasbeentestedonthefoll owingplatforms:

 Windows2008R232‐bitand64‐bit

 Windows200332‐bitand64‐bit

 Windows200832‐bitand64‐bit

 RedHat532‐bitand64‐bit

 RedHat632‐bitand64‐bit

 AIX5.3

32‐bitand64‐bit

 AIX6.132‐bitand64‐bit

 SUSELinuxEnterpriseServer10(SLES)32‐bitand64‐bit

 OpenEnterpriseServer2(32‐bitand64‐bit)

 SUSELinuxEnterpriseServer11(SLES)32‐bitand64‐bit

 OpenEnterpriseServer11(32‐bitand

64‐bit)

 Ubuntu10.04LTS64‐bit

 HP‐UX(PA‐RISC)11.1132‐bitand64‐bit

 HP‐UX(PA‐RISC)11.2332‐bitand64‐bit

 HP‐UX(Itanium)11.2364‐bit

 SunSolaris(SPARC)32‐bitand64‐bitonversions9and10

 SunSolaris(Intel)32‐bit

and64‐bitonversions10

TheFrameworkAgentsoftwarehasbeentestedonthefollowingplatforms:

 HPTru64UNIX64‐biton5.1aand5.1b

 Windows2008R232‐bitand64‐bit

 Windows200332‐bitand64‐bit

 Windows200832‐bitand64‐bit

 RedHat5

32‐bitand64‐bit

 RedHat632‐bitand64‐bit

 AIX5.332‐bitand64‐bit

 AIX6.132‐bitand64‐bit

 SUSELinuxEnterpriseServer10(SLES)32‐bitand64‐bit

 OpenEnterpriseServer2(32‐bitand64‐bit)

 SUSELinuxEnterprise

Server11(SLES)32‐bitand64‐bit

 OpenEnterpriseServer11(32‐bitand64‐bit)

 Ubuntu10.04LTS64‐bit

 HP‐UX(PA‐RISC)11.1132‐bitand64‐bit

 HP‐UX(PA‐RISC)11.2332‐bitand64‐bit

 HP‐UX(Itanium)11.2364‐bit

 SunSolaris(SPARC)

32‐bitand64‐bitonversions9and10

 SunSolaris(Intel)32‐bitand64‐bitonversions10

Installation Requirements 11

IMPORTANT

 Ensurethatyouroperatingsystemisrunningthevendorʹslatestmaintenancepatches.

 Usethe64bitinstallerofPrivilegedUserManagerforthe64bitWindowsplatforms.

Third Party Tested Platforms

TheagentcanbeinstalledonthefollowingLinuxplatform:

 UniventionCorporateServer(UCS)2.3

2.4 Supported Browsers

ToaccessNetIQPrivilegedUserManager,youneedtoinstallAdobeFlashPlayer11oraboveona

supportedbrowser.

Thefollowingarethesupportedbrowsers:

 MicrosoftInternetExplorer7.0

 MicrosoftInternetExplorer8.0

 MozillaFirefox17.0

 Chrome23.0

NOTE:Somefeatures,suchasRDPRelay,aresupportedonlyonInternetExplorer8.0.

2.5 Procedural Overview

ThefollowingstepsarerequiredtoinstallPrivilegedUserManager:

1 InstallaFrameworkManager.SeeChapter 3,“InstallingtheFrameworkManager,”onpage 13.

2 Whentheinstallationhascompleted, accessandlogintotheconsole.SeeSection 3.2,“Accessing

theFrameworkConsole,”onpage 18.

3 InstallthePrivilegedUserManagerlicense.SeeSection 3.3,“InstallingaNetIQPrivilegedUser

ManagerLicense,”onpage 18.

Bydefault,newinstallationsareprovidedwitha90‐daylicenseforfiveagents,oneofwhichis

themanager.Youneedtoinsta llyourlicensebeforethedefaultlicenseexpires.

4 SetupaPackageManagersoyoucaninstalladditionalpackagesontheagentsandpush

packageupdatestoyourframeworkcomponents.SeeSection 3.4,“SettingUpaPackage

Manager,”onpage 19.

5 InstallandregisteraFrameworkAgentonthecomputersthatyouwanttomanage.See

Chapter 4,“InstallingtheAgents,”onpage 25.

WhenyouhaveinstalledandregisteredtheFrameworkagents,youhavecompletedthe

installationoftheFramework.

6 Forconfigurationinform ation,seetheNetIQPrivilegedUserManager2.3.2AdministrationGuide.

12 NetIQ Privileged User Manager 2.3.2 Installation Guide

Installing the Framework Manager 13

Installing the Framework Manager

 Section 3.1,“InstallingaFrameworkManager,”onpage 13

 Section 3.2,“AccessingtheFrameworkConsole,”onpage 18

 Section 3.3,“InstallingaNetIQPrivilegedUserManagerLicense,”onpage 18

 Section 3.4,“SettingUpaPackageManager,”onpage 19

 Section 3.5,“StoppingandRestartingtheFramework,”onpage 19

 Section 3.6,“RemovingtheFrameworkManager,”onpage 21

3.1 Installing a Framework Manager

Currently,theFrameworkManagerisavailableforinstallationontheplatformslistedbelow.Referto

Chapter 2,“InstallationRequirements,”onpage 9formoreinformationregardingsupported

versions.

NOTE:AftertheFrameworkManagerisinstalled,themanagerconsolerunsonthedefaultport443

andcanbeaccessedwith

https://<ip>

.Thedefaultportcan bechangedbychangingtheport

numberinthe

connector.xml

filelocatedat

<install_path>/service/local/admin/

connector.xml

.ForSUSE,theconnector.xmlfileislocatedat

/etc/opt/novell/npum/service/

local/admin/connector.xml

Fordetailedinstallationinstructionsforyourplatform,selectfromthelistbelow:

 Section 3.1.1,“A I XFrameworkManagerInstallation,”onpage 13

 Section 3.1.2,“HP‐UXFrameworkManagerInstallation,”onpage 14

 Section 3.1.3,“LinuxFrameworkManagerInstallation,”onpage 15

 Section 3.1.4,“SLESFrameworkManagerInstallation,”onpage 15

 Section 3.1.5,“SolarisFrameworkManagerInstallati on,”onpage 17

 Section 3.1.6,“Windows

FrameworkManagerInstallation,”onpage 17

3.1.1 AIX Framework Manager Installation

TheAIXinstallationpackageiscompressedthroughgzip.Inordertoinstallthepackage,youmust

unzipthepackagethroughgunzip.

Bydefault,theinstallationprograminstallsthesoftwareinto

/opt/novell/npum

.Tochangethis,

createadirectoryintherequiredpartofthefilesystemandcreateasymboliclinkto

/opt/novell/

npum

.

14 NetIQ Privileged User Manager 2.3.2 Installation Guide

ToinstalltheAIXmanager:

1 Copytheinstallationpackagetoatemporarylocationandusethefollowingcommandtoextract

theinstallationfiles:

gunzip <filename>

Seethe“NetIQPrivilegedUserManagerReadme”(http://www.novell.com/documentation/

privilegedusermanager23/readme/data/privilegedusermanager_readme.html)fortheactual

filename.

2 AftertheAIXinstallationpackageisuncompressed,useoneofthefollowingmethodsto

performtheinstallation.

 TheAIXsmittyprogram.

 Thefollowingcommand:

installp -acgNQqwX -d <directory of .bff file> netiqnpum

3 Afterinstallationiscomplete,checkthattheserviceisrunningbyviewingthelogfile.Thelog

fileislocatedin

/opt/novell/npum/logs/unifid.log

,ifthedefaultinstalllocationwasused.

Ifthemanagerinstalledcorrectly,servicesshouldbelisteningon0.0.0.0:29120and0.0.0.0:443.

4 Ifyouhavebeensuppliedwithalicense,logintotheFrameworkConsoleandinstallthelicense.

Forinformation,refertoSection 3.2,“AccessingtheFrameworkConsole,”onpage 18,andthen

Section 3.3,“InstallingaNetIQPrivilegedUserManagerLicense,”onpage 18.

3.1.2 HP-UX Framework Manager Installation

TheHP‐UXinstallationpackageiscompressedthroughgzip.Inordertoinstallthepackage,you

mustunzipthepackagethroughgunzip.

Bydefault,theinstallationprograminstallsthesoftwareinto

/opt/novell/npum

.Tochangethis,

createadirectoryintherequiredpartofthefilesystemandcreateasymboliclinkto

/opt/novell/

npum

ToinstalltheHP‐UXmanager:

1 Copytheinstallationpackagetoatemporarylocationandusethefollowingcommandtoextract

theinstallationfiles:

gunzip <filename>

Seethe“NetIQPrivilegedUserManagerReadme”(http://www.novell.com/documentation/

privilegedusermanager23/readme/data/privilegedusermanager_readme.html)fortheactual

filename.

2 AftertheHP‐UXinstallationpackageisuncompressed,usethefollowingcommandtoinstall

themanager:

swinstall -s /<directory of .depot file>/<filename>.depot \*

3 Afterinstallationiscomplete,checkthattheserviceisrunningbyviewingthelogfile.Thelog

fileislocatedin

/opt/novell/npum/logs/unifid.log,

ifthedefaultinstalllocationwasused.

Ifthemanagerinstalledcorrectly,servicesshouldbelisteningon0.0.0.0:29120and0.0.0.0:443.

Installing the Framework Manager 15

4 Ifyouhavebeensuppliedwithalicense,logintotheFrameworkConsoleandinstallthelicense.

Forinformation,refertoSection 3.2,“AccessingtheFrameworkConsole,”onpage 18,andthen

Section 3.3,“InstallingaNetIQPrivilegedUserManagerLicense,”onpage 18.

3.1.3 Linux Framework Manager Installation

LinuxhostsusetheRPMpackagingsystemforinstallation,upgrade,andremoval.

Bydefault,theinstallationprograminstallsthesoftwareinto

/opt/novell/npum

.Tochangethis,

createadirectoryintherequiredpartofthefilesystemandcreateasymboliclinkto

/opt/novell/

npum

.

ToinstalltheLinuxmanager:

1 Copytheinstallationpackagetoatemporarylocationandusethefollowingcommandtoinstall

thefile:

rpm -i <filename>.rpm

Seethe“NetIQPrivilegedUserManagerReadme”(http://www.novell.com/documentation/

privilegedusermanager23/readme/data/privilegedusermanager_readme.html)fortheactual

filename.

2 Afterinstallationiscomplete,checkthattheserviceisrunningbyviewingthelogfile.Thelog

fileislocatedin

/opt/novell/npum/logs/unifid.log

,ifthedefaultinstalllocationwasused.

Ifthemanagerinstalledcorrectly,servicesshouldbelisteningon0.0.0.0:29120and0.0.0.0:443.

3 Ifyouhavebeensuppliedwithalicense,logintotheFrameworkConsoleandinstallthelicense.

Forinformation,refertoSection 3.2,“AccessingtheFrameworkConsole,”onpage 18,andthen

Section 3.3,“InstallingaNetIQPrivilegedUserManagerLicense,”onpage 18.

3.1.4 SLES Framework Manager Installation

Toinstallanewmanagerhost,youmustinstallbasepackages,managerpackagesandotherrequired

dependencies.

NOTE:

 ForSLESspecificRPMs,theopensourcedependenciesmustbefulfilledbeforetheRPMis

installedusingtheRPMcommand.

IftheSLESoperatingsystemisproperlyregisteredandtheSLESupdatechannelsare

configured,youcanusethezyppercommandwiththeSLESspecificRPMswhichwill

automatically

pulltherequiredopensourcedependenciesfromtheconfiguredSLESupdate

channels.

 BeforeinstallingthemanagerRPM,insta lltheagentRPM.

ToinstalltheSLESmanager:

1 Copytheinstallationpackagetoatemporarylocation.

Seethe“NetIQPrivilegedUserManagerReadme”(http://www.novell.com/documentation/

privilegedusermanager23/readme/data/privilegedusermanager_readme.html)fortheactual

filename.

16 NetIQ Privileged User Manager 2.3.2 Installation Guide

2 AftertheSLESinstallationpackageisuncompressed,installtheSLESmanager.Toinstallthe

SLESmanager,youmust installtheagentpackagebeforeinstallingthemanagerpackage.

UsethefollowingcommandtoinstalltheSLESmanager:

 ForSLES11usezypper:

zypper install <Agent name>.rpm



<Manager name>.rpm

 ForSLES10userug:

rug install <Agent name>.rpm

<Managername>.rpm

 rpm:

rpm -i <Agent name>.rpm

rpm -i <Manager name>.rpm

NOTE:Seethe“NetIQPrivilegedUserManagerReadme”(http://www.novell.com/

documentation/privilegedusermanager23/readme/data/

privilegedusermanager_readme.html)fortheactualAgentnameandManagername.

Aspartoftheinstallationprocessthezypperorrugcommandlineinterfacesautomatically

resolvetherequireddependencies.However,iftheinstallationisthroughtheRPMcommand,

theinstallationwillfailifthefollowingdependenciesarenotinstalled.



libapr1



libapr-util1



openssl



perl



apr





zlib





pcre



openldap

3 Afterinstallationiscomplete,checkthattheserviceisrunningbyviewingthelogfile.Thelog

fileislocatedin

/var/opt/novell/npum/logs/unifid.log

,ifthedefaultinstalllocationwas

accepted.Ifthemanagerinstalledcorrectly,servicesshouldbelisteningon0.0.0.0:29120and

0.0.0.0:443.

4 Ifyouhavebeensuppliedwithalicense,logintotheFrameworkConsoleandinstallthelicense.

Forinformation,refertoSection 3.2,“AccessingtheFrameworkConsole,”onpage 18,andthen

Section 3.3,“InstallingaNetIQPrivilegedUserManagerLicense,”onpage 18.

NOTE:ForupgradingtoNPUM2.2.2onSLESfromapreviousrelease,seeSection 5.2,“Migrating

fromGenericLinux2.2.xto2.3onSLES,”onpage 36.

Installing the Framework Manager 17

3.1.5 Solaris Framework Manager Installation

TheSolarisinstallationpackageiscompressedthroughgzip.Inordertoinstallthepackage,youmust

unzipthepackagethroughgunzip.

Bydefault,theinstallationprograminstallsthesoftwareinto

/opt/novell/npum

.Tochangethis,

createadirectoryintherequiredpartofthefilesystemandcreateasymboliclinkto

/opt/novell/

npum

ToinstalltheSolarismanager:

1 Copytheinstallationpackagetoatemporarylocationandusethefollowingcommandtoextract

theinstallationfiles:

gunzip <filename>

Seethe“NetIQPrivilegedUserManagerReadme”(http://www.novell.com/documentation/

privilegedusermanager23/readme/data/privilegedusermanager_readme.html)fortheactual

filename.

2 AftertheSolarisinstallationpackageisuncompressed,usethefollowing commandtoinstallthe

manager:

pkgadd -d /<directory of .pkg file>/<filename>.pkg

3 Afterinstallationiscomplete,checkthattheserviceisrunningbyviewingthelogfile.Thelog

fileislocatedin

/opt/novell/npum/logs/unifid.log

,ifthedefaultinstalllocationwas

accepted.Ifthemanagerinstalledcorrectly,servicesshouldbelisteningon0.0.0.0:29120and

0.0.0.0:443.

4 Ifyouhavebeensuppliedwithalicense,logintotheFrameworkConsoleandinstallthelicense.

Forinformation,refertoSection 3.2,“AccessingtheFrameworkConsole,”onpage 18,andthen

Section 3.3,“InstallingaNetIQPrivilegedUserManagerLicense,”onpage 18.

3.1.6 Windows Framework Manager Installation

1 Runthefollowinginstallexecutabletostarttheinstallation:

<filename>.exe

Seethe“NetIQPrivilegedUserManagerReadme”(http://www.novell.com/documentation/

privilegedusermanager23/readme/data/privilegedusermanager_readme.html)fortheactual

filename.

2 Followthestepsintheinstallwizard.

TheFrameworkManagerservicecanbeinstalledonanypartofthenormalfilesystem.It

defaultstothe

C:\Program Files\Novell\npum

folder.

3 Afterinstallationiscomplete,checkthattheserviceisrunningbyviewingthelogfile.Thelog

fileislocatedin

C:\Program Files\Novell\npum\logs\unifid.log

,ifthedefaultinstall

locationwasused.Ifthemanagerinstalledcorrectly,servicesshouldbelisteningon0.0.0.0 :29120

and0.0.0.0:443.

4 Ifyouhavebeensuppliedwithalicense,logintotheFrameworkConsoleandinstallthelicense.

Forinformation,refertoSection 3.2,“AccessingtheFrameworkConsole,”onpage 18,andthen

Section 3.3,“InstallingaNetIQPrivilegedUserManagerLicense,”onpage 18.

18 NetIQ Privileged User Manager 2.3.2 Installation Guide

3.2 Accessing the Framework Console

1 OpenaWebbrowseronyourchosenplatform.

2 Intheaddressbar,entertheURLfortheFrameworkConsoleasfollows:

https://<hostname>

Replace<hostname>withoneofthefollowing:

 TheDNSnameoftheserverwheretheFrameworkManagerisinstalled.

 TheDNSnameofaserverthathasthe AdministrationAgentpackageinstalled.

3 Ifyouarepresentedwithasecurityalert,verifythedetailsandselectYestocontinue.

4 IfyourbrowserisnotalreadyequippedwithAdobeFlashPlayer,thebrowserattemptstoinstall

it.VerifythedetailsandselectInstalltocontinue.

Arebootorbrowserrestartmightberequired.

5 LogintotheFrameworkConsole.

AfteryouentertheURLfortheFrameworkConsole,theinitiallogonscreenisdisplayedinthe

browserwindow.Youmustauthenticatetothesystembyusingausernameandpassword

definedonthesystem.

6 (Conditional)Ifthisisthefirsttimetologintothe console,specifytheusername

admin

and

password

novell

,thenclickLogon.

7 (Conditional)Ifthisisthefirsttimetologintothe FrameworkConsole,youarepromptedto

changethedefaultpassword.

Yournewpasswordshouldbeaminimumofeightcharacters.Ifthenewpasswordisacceptable

tothesystem,youareloggedintotheconsole.

IMPORTANT:TonavigateintheFrameworkConsole,donotuseyourbrowser’sForwardor

Backbuttons;usethetrailatthetopofeachpage,suchas:

Home/ComplianceAuditor

ClickHometoreturntomainconsolemenu.

8 ContinuewithSection 3.3,“InstallingaNetIQPrivilegedUserManagerLicense,”onpage 18.

3.3 Installing a NetIQ Privileged User Manager License

LogintotheNovellCustomerCenter(http://www.novell.com/center)anddownloadyourlicense

file.Usethefollowingstepstoinstallit:

1 LogintotheFrameworkConsole.

2 FromtheTaskPane,clickAboutFramework.

3 ClickRegisterFramework.

4 Copythesuppliedlicenseandpasteitintothetextarea.

5 ClickFinish>Close.

YourlicensedetailscanbeviewedbyselectingtheAboutFrameworkoptionfromtheTaskPane.

6 Continuewithoneofthefollowing:

 Section 3.4,“SettingUpaPackageManager,”onpage 19

 Chapter 4,“InstallingtheAgents,”onpage 25

Installing the Framework Manager 19

3.4 Setting Up a Package Manager

ThePackageManagerallowsyoutopushupdatestohostsandtoinstalladditionalpackagesonthe

hostsforloadbalancingandfailover.TousetheNovellUpdateServerasthePackageManager,see

“ConfiguringthePa ckage Manager”intheNetIQPrivilegedUserManager2.3.2AdministrationGuide.

Touse

alocalhostasaPackageManager:

1 Createadirectorysuchas

framework

ontheFrameworkManagerinthe

/tmp

directory.

Thisdirectoryiscalled

framework

intherestoftheseinstructions.

2 Copythe

netiq-npum-packages-2.3.2.tar.gz

fromthePackageManagerdirectoryonthe

CDtothemachine.

3 Extractthefiletothe

framework

directory.

ForUNIXandLinuxplatforms,usethefollowingcommands:

gunzip netiq-npum-packages-2.3.2.tar.gz

tar -xvf netiq-npum-packages-2.3.2.tar

ForWindowsplatforms,useWinZiptoextractthe file.

4 UsethefollowingcommandtopublishthepackagestothePackageManager.

Replace<admin>withthenameofyouradminuser.

ForLinuxandUNIXplatforms:

/opt/novell/npum/sbin/unifi -u <admin> distrib publish -d /tmp/framework

ForWindowsplatforms:

c:\Program Files\novell\npum\bin\unifi -u <admin> distrib publish -d

c:\tmp\framework

5 Whenprompted,enterthepasswordfortheadminuser.

6 (Optional)Toviewavailablepackages,logintotheFrameworkManager,thenclickPackage

Manager.

7 Deletethe

framework

directory.

3.5 Stopping and Restarting the Framework

TheFrameworkservicesandprocessesstartautoma ticallyafterinstallationandsystemreboot,so

thereisnormallynoneedtostopandrestartthem.Ifyouneedtostopandrestarttheservicesand

processesmanually,followtheinstructionsbelowforyourplatform:

 Section 3.5.1,“A I X, ” onpage 20

 Section 3.5.2,“HP‐UX,”onpage 20

 Section 3.5.3,“Linux,”onpage 20

 Section 3.5.4,“Solaris,”onpage 20

 Section 3.5.5,“Windows,”onpage 21

20 NetIQ Privileged User Manager 2.3.2 Installation Guide

3.5.1 AIX

TostoptheFram eworkprocess:

stopsrc -s npum

TostarttheFrameworkprocess:

startsrc -s npum

3.5.2 HP-UX

TostoptheFram eworkprocess:

/sbin/init.d/npum stop

TostarttheFrameworkprocess:

/sbin/init.d/npum start

Tocheckthestatus:

/sbin/init.d/npum status

3.5.3 Linux

Thefollowinginstructionsapplytoalldistributions.

TostoptheFram eworkprocess:

/etc/init.d/npum stop

TostarttheFrameworkprocess:

/etc/init.d/npum start

Tocheckthestatus:

/etc/init.d/npum status

3.5.4 Solaris

Thefollowinginstructionsapplytoallsupporteddistributions.

TostoptheFram eworkprocess:

/etc/init.d/npum stop

TostarttheFrameworkprocess:

/etc/init.d/npum start

Tocheckthestatus:

/etc/init.d/npum status

Solaris10alsousestheSMF(ServiceManagementfacility).Examplecommandsare:

svcs | grep npum

Page is loading ...

Novell Privileged User Manager 2.3 User guide

Related papers

Other documents