This document describes how to install the One Identity Safeguard for Privileged Sessions (SPS) software on a certified hardware. The list of certified hardware is available at One Identity.
Note that installing and reinstalling SPS can take a long time, especially for a HA cluster. There are no supported workarounds for reducing the necessary downtime. One Identity recommends testing SPS in a virtual environment, and using physical hardware only for verifying HA functionality and measuring performance.
The following describes how to install a new SPS on a server.
When installing SPS on a physical hardware, make sure that you use a One Identity-supported appliance, and that every hard disk required for the particular appliance is inserted. Installing SPS without the required number of hard disks can cause erroneous behavior.
To install a new SPS on a server
Login to your support portal and download the latest One Identity Safeguard for Privileged Sessions installation ISO file. Note that you need to have partner access to download One Identity Safeguard for Privileged Sessions ISO files. If you are a partner but do not see the ISO files, you can request partner access within support portal.
Mount the ISO image, or burn it to a CD-ROM.
Connect your computer to the IPMI interface of SPS. For details, see the following documents:
For Safeguard Sessions Appliance 3000 and 3500, see the X9 SMT IPMI User's Guide.
Power on the server.
Login to the IPMI web interface, and boot the One Identity Safeguard for Privileged Sessions installation CD on the server using a virtual CD-ROM. For details, see the following documents:
For Safeguard Sessions Appliance 3000 and 3500, see the X9 SMT IPMI User's Guide.
When the One Identity Safeguard for Privileged Sessions installer starts, select Installer, press Enter, and wait until the server finishes the boot process.
|
TIP:
For testing purposes, you can speed up installation at the expense of slowing down RAID synchronization. Add the following kernel parameter to Installer in GRUB: lazy_itable_init=true This option defers full filesystem initialization, requiring the kernel to finish it during RAID synchronization, which slows that process down considerably. This is not recommended in a production environment. |
Installing SPS will completely delete the contents of the hard disks. If you want to proceed installing SPS, enterYESto start the installation process. Depending on the size of the disks, the installation process takes from a few minutes to an hour to complete.
|
Caution:
Hazard of data loss All data on the disks will be deleted. |
The installer displays the following message: Waiting for RAID sync..., and starts to synchronize the disks of SPS.
You are recommended to wait until the synchronization finishes. RAID synchronization is a two-step process, the progress of the active step is indicated on the progress bar. Wait until both steps are completed. Note that this synchronization takes several hours, depending on the size of the hard disks (about 8 hours on the average).
To skip the RAID synchronization, pressCtrl+Alt+Deleteto reboot SPS. Note that the system will automatically perform the synchronization after the first boot, but in this case the process will take several days.
When the installation is finished, the Installation finished successfully message is displayed. Unmount the installation media, then press Ctrl+Alt+Delete to reboot SPS. Wait until the system reboots and displays the IP address it accepts management connections on.
If you are installing the slave node of a SPS cluster, skip this step. Enter the IP address displayed in the previous step into your browser and verify that the Welcome Wizard of the One Identity Safeguard for Privileged Sessions is available. (If you have to create an alias IP address for your computer that falls into the 192.168.1.0/24 subnet (for example 192.168.1.10), see "The initial connection to One Identity Safeguard for Privileged Sessions (SPS)" in the Administration Guide.)
|
NOTE:
For details on the supported web browsers and operating systems, see "Supported web browsers and operating systems" in the Administration Guide. |
Figure 1: The Welcome Wizard
Power off the system.
This tutorial describes the possibilities and limitations of installing One Identity Safeguard for Privileged Sessions (SPS) 6.0 as a virtual appliance under a VMware ESXi server.
The following describes how to install a new SPS under VMware ESXi or ESX.
To install a new SPS under VMware ESXi or ESX
Create the virtual machine for SPS using the following settings. Note that these settings are suitable for evaluation purposes. To test SPS under significant load, contact One Identity for recommendations.
Guest operating system: Linux/Ubuntu 64-bit
Allocate memory for the virtual machine. SPS requires a minimum of 4 GiB (8 GiB is recommended) of memory. The recommended size for the memory depends on the exact environment, but consider the following:
The base system requires 4 GiB of memory.
SPS requires about 1-5 MiB of memory for every active connection, depending on the type of the connection — graphical protocols require more memory.
The hard disk controller must be LSI Logic Parallel.
Do not use RAID for the hard disk, use the data duplication features of your virtual environment instead. That way, a single hard disk is sufficient for the system. If you need to use the built-in RAID support of SPS for some reason, use two hard disks, and SPS will automatically use them in software RAID.
|
Caution:
Hazard of data loss When you install or reinstall SPS in a virtual environment, always create new hard disks. Using existing hard disks can cause unexpected behavior and operational problems. |
Configure a fixed size disk with at least 20 GiB space. About 10 GiB is required for the base system, the remaining disk space is used to store data. To increase the initial disk size, see Modifying the disk size of a SPS virtual appliance.
|
NOTE:
SPS will use the network card with the lowest PCI ID as eth0 (Physical interface 1), the card with the second lowest PCI ID as eth1 (the Physical interface 2), and so on. In some cases, this might differ from the labels in the VMWare management interface, for example, it is possible that eth0 will be labeled as Network adapter 4, and as a result, the SPS Welcome Wizard will not be available on Network adapter 1. |
SPS requires at least one network card (preferably VMXNET3) to function. Configurations can use up to 6 network cards.
|
NOTE:
The fourth (eth3) network card is reserved for High Availability mode by default. Therefore, make sure you enable, but do not attach, the fourth (eth3) network card to a network. |
After creating the virtual machine, edit the settings of the machine. Set the following options:
Under Options > VMware Tools enable the Shutdown, Suspend, Reset options, otherwise the SPS administrator will not be able to access these functions from the SPS web interface.
Under Options > Boot options enable the Force BIOS Setup option. This is required to be able to check the system time (and modify it if needed) before installing SPS.
Login to your support portal and download the latest One Identity Safeguard for Privileged Sessions installation ISO file. Note that you need to have purchased SPS as a virtual appliance or have partner access to download One Identity Safeguard for Privileged Sessions ISO files. If you are a partner but do not see the ISO files, you can request partner access within support portal.
Mount the ISO image and boot the virtual machine. Follow the on-screen instructions to install SPS.
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Conditions d’utilisation Confidentialité Cookie Preference Center