Chat now with support
Chat with Support

Enterprise Single Sign-On 8.0.6 - Installation Guide

1. Overview 2. Preparing the Storage of Security Data in the LDAP Directory
2.1 Active Directory 2.2 Active Directory + ADAM or AD LDS 2.3 OpenLDAP 2.4 Netscape iPlanet / Sun Java System / Red Hat / Fedora Directory Server 2.5 Novell eDirectory 2.6 IBM Tivoli Directory Server 2.7 Deploying a Workstation LDAP User Account
3 Installing Quest ESSO Controllers and Audit Databases 4 Installing and Configuring the Software Modules on the Workstations 5 Enabling the Self Service Password Request (SSPR) Capability 6. Enabling OTP Authentication 7 Enabling the Group Membership Modification Feature 8 Centralizing Parameters Using Group Policy Objects (GPO) 9 Installing Quest ESSO MSI Packages in Silent Mode Appendix A: Advanced Configuration: Audit Appendix B: Activating Traces Appendix C: Retrieving the Serial Number on a MiFARE RFID Badge

3.11 Defining a Master Audit Database

All audit events received by the Quest ESSO Controller are stored in the local Quest ESSO audit cache (1). The local cache prevents losing audit events whenever the master database is not available.
The Quest ESSO Controller regularly uploads the contents of the local audit cache to the master database (3), through a local OLE DB or ODBC driver (2). Once an audit record was successfully sent to the master database, it is removed from the local Quest ESSO audit cache.
All requests for audit events issued from Quest ESSO Console query the master database, and not the local Quest ESSO audit cache.
For SQL Server: MSSQLV2.sql
For PostgreSQL: PostgreSQLV2.sql
For Oracle: OracleV2.sql
The master database used to gather audit events from several Quest ESSO Controllers must conform to the following definition:
The automatic increment of the 'id' column must be achieved using a SEQUENCE associated with a TRIGGER procedure invoked before the insertion of a row in the audit table. You may for instance use an "AUDIT_SEQ" sequence when defining your TRIGGER procedure as follows:
Before connecting to an Oracle database server, the Oracle client software must be installed on the Quest ESSO Controller. The Oracle client must be configured so that tnsping.exe <TNS Name of the Oracle Instance> works.
1.
In the Administration Tools window, click Define a master Audit database.
2.
Select Upload audit events in a centralized master database, and complete the window as detailed below:
To configure a Microsoft SQL Server master database, click SQL Server database and fill in the Server name, Database name, Login, Password and Confirmation fields.
To configure a non-Microsoft SQL Server master database, click Use a data link to provide a Data Source Name (DSN).
Select Microsoft OLE DB Provider for ODBC Drivers.
In the Connection tab, select an ODBC Data Source Name (DSN) and provide the proper login and password.
If the wanted DSN does not appear in the list, the DSN may not be declared on the computer running the local audit cache (this may be the case if you are configuring a MySQL master database connected to a Microsoft SQL Server local audit cache). You must install the ODBC Driver for MySQL component on the controller running the local audit cache and declare the DSN of the master database using the ODBC Data Source Administrator tool (click Administrative Tools\Data Sources (ODBC) to start it.
Select Allow saving password.
Select the name of the table where Quest ESSO audit events are to be stored.
If you want that the Quest ESSO Controller sends e-mails to (database or security) administrators whenever the master database reaches a size threshold, fill in the following fields:
Size warning threshold
Size threshold (in number of audit records: about 2 KB are required for each record).
Administrator’s e-mail
E-mail address of the database administrator.
also send e-mail to
A set of comma-separated list of e-mail addresses of other administrators.
SMTP server
Name of the SMTP server in charge of routing e-mails.
This area allows you to configure when Quest ESSO audit events are uploaded to this master database. Specify a fixed daily hour (for example at 02:00 everyday) or a frequency (every day, every 4 hours, every minute for example).

3.12 Installing a Quest ESSO Controller

This section explains how to install a Quest ESSO Controller, which is made of the following components:
Quest ESSO server, which is used by the Quest ESSO Clients during some operations (administration, audit...). This module must be installed on a clearly identified machine.
Quest ESSO Console, which is the administration console. This module can be installed on any client workstations.
To use Quest ESSO Console, Quest ESSO Controller must be installed on a computer. For more information, see 1.2, "Quest ESSO Architecture".
The Quest ESSO Controller is delivered as installation packages using the Microsoft Windows Installer (MSI) format.
Configure the Quest ESSO Security Services (see 4.1, "Configuring Workstations").
Check that your Windows operating system is supported by Quest ESSO. For details, see Release Notes.
If you want to install the Quest ESSO Controller on a Windows x64, you must previously install OLEDB Provider in 64 bits (it is not included by default in the OS).
1.
2.
In the Administration Tools, click Install Quest ESSO Controller.
The Quest ESSO Controller installation wizard appears.
If the Quest ESSO Console installation wizard does not automatically appear, from the Quest ESSO installation package browse the INSTALL directory and double-click ESSOController.msi.
If you have installed Advanced Login, the Advanced Login authentication window appears.
QESSO Controller: Quest ESSO server installation.
QESSO Console: Quest ESSO Console software module installation.
Proximity devices plugin: this feature is necessary if you want to manage RFID devices from Quest ESSO Console.
Supported languages: possible language of Quest ESSO modules.

4 Installing and Configuring the Software Modules on the Workstations

After the initialization of the Quest ESSO security database, you must install and configure the software modules on all the workstations that will run in the Quest ESSO environment. All these workstations must at least run the Enterprise SSO software module. Depending on your needs, you can also install the Advanced Login and/or the Quest ESSO Console modules.
The Quest ESSO software suite is delivered as installation packages using the Microsoft Windows Installer 2.0 (MSI) format. You can install these packages either in interactive mode (following the instructions of the installation wizard), or in silent mode using any software distribution tool. Command line options allow you to specify installation options for each of the software suite package.
The Quest ESSO software suite applications support several languages, and use the language defined in the regional settings of the user workstations without any further installation. Nevertheless, depending on your installation package, you may find several installation packages using several languages for one application. The language of the selected installation package will be the language of the installation wizard and of the labels of the Windows Start menu.

4.1 Configuring Workstations

Before or after installing the software modules, you must configure the workstation, except for the Advanced Login module for which you must configure the workstation before its installation.
1.
2.
In the Select a task list, select Install software modules.
3.
In the Software Installation task list, click Configure workstation.
The Configuration Assistant appears.
To configure the Quest ESSO workstation with Active Directory, see 4.1.1 Quest ESSO Configuration with Active Directory.
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating