Chat now with support
Chat with Support

Identity Manager 8.1 - Installation Guide

About this Guide One Identity Manager overview Installation prerequisites Installing One Identity Manager Installing and configuring the One Identity Manager Service Automatic updating of One Identity Manager Updating One Identity Manager Installing and updating an application server Installing the API Server Installing, configuring and maintaining the Web Portal Installing and updating the Manager web application Logging in to One Identity Manager tools Error handling Appendix: Creating a One Identity Manager database for a test or development environment from a database backup Appendix: Extended configuration of the Manager web application Appendix: Machine roles and installation packages Appendix: Settings for a new SQL Server database

Remote installation of the One Identity Manager Service with the Server Installer

IMPORTANT: If you are working with an encrypted One Identity Manager database, see Notes on working with an encrypted One Identity Manager database.

Use the Server Installer to install the One Identity Manager Service. The program executes the following steps:

  • Setting up a Job server.

  • Specifying machine roles and server function for the Job server.

  • Remote installation of One Identity Manager Service components corresponding to the machine roles.

  • Configuration of One Identity Manager Service.

  • Starts the One Identity Manager Service.

 NOTE: The program executes remote installation of the One Identity Manager Service. Local installation of the service is not possible with this program. Remote installation is only supported within a domain or a trusted domain.

For remote installation of One Identity Manager Service, you require an administrative workstation on which the One Identity Manager components are installed.

To install and configure One Identity Manager Service remotely on a server

  1. Start the program Server Installer on your administrative workstation.

  2. Enter the valid connection credentials for the One Identity Manager database on the Database connection page.

  3. Specify the server on which you want to install One Identity Manager Service on the Server properties page.

    1. Select a Job server from the Server menu.

      - OR -

      To create a new Job server, click Add.

    2. Enter the following data for the Job server.

      Table 25: Job Server Properties

      Property

      Description

      Server

      Job server name.

      Queue

      Name of the queue to handle the process steps. Each One Identity Manager Service within the network must have a unique queue identifier. The process steps are requested by the job queue using exactly this queue name. The queue identifier is entered in the One Identity Manager Service configuration file.

      Full server name

      Full server name in accordance with DNS syntax.

      Example:

      <Name of servers>.<Fully qualified domain name>

      		NOTE: You can use the Extended option to make changes to other properties for the Job server. You can also edit the properties later with Designer.

  4. Specify which roles the Job server is to have in One Identity Manager on the Machine roles page. Installation packages to be installed on the Job server are found depending on the selected machine role.

  5. Specify the function of the server in the One Identity Manager environment on the Server functions page. One Identity Manager processes are handled depending on the server function.

    The server's functions depend on which machine roles you have selected. You can limit the server's functionality further here.

  6. Check the One Identity Manager Service configuration on the Service settings page.

    		NOTE: The initial service configuration is predefined already. If further changes need to be made to the configuration, you can do this later with the Designer. For detailed information about configuring the service, see the One Identity Manager Configuration Guide.

  7. To configure remote installations, click Next.

  8. Confirm the security prompt with Yes.

  9. Select the directory with the install files on Select installation source.

  10. Select the file with the private key on the page Select private key file.

    		 NOTE: This page is only displayed when the database is encrypted.

  11. Enter the service's installation data on the Service access page.

    Table 26: Installation Data

    Data

    Description

    Computer

    Server on which to install and start the service from.

    To select a server

    • Enter a name for the server.

      - OR -

    • Select a entry from the list.

    Service account

    User account data for the One Identity Manager Service.

    To enter a user account for the One Identity Manager Service

    • Set the option Local system account.

      This starts the One Identity Manager Service under the NT AUTHORITY\SYSTEM account.

      - OR -

    • Enter user account, password and password confirmation.

    Installation account

    Data for the administrative user account to install the service.

    To enter an administrative user account for installation

    • Enable Advanced.

    • Enable Current user.

      This uses the user account of the current user.

      - OR -

    • Enter user account, password and password confirmation.

  12. Click Next to start installing the service.

    Installation of the service occurs automatically and may take some time.

  13. Click Finish on the last page of Server Installer.

    		 NOTE: The service is entered with the name One Identity Manager Service in the server service management.
Related Topics

Displaying the One Identity Manager Service log file

The One Identity Manager Service log file can be displayed in a browser.

You call up the log file with the appropriate URL.

http://<server name>:<port number>

The default value is port 1880.

To open the One Identity Manager Service log file in Job Queue Info

  1. Start the Job Queue Info program.
  2. In the Server state view, select the Job server and select Open in browser in the context menu.

    The One Identity Manager Service HTTP server for the Job server is queried and the various One Identity Manager Service services are displayed.

Figure 3: One Identity Manager Service Log File

The messages to be displayed on the web page can be filtered interactively. There is a menu on the website for this. Only text contained in the log file can be displayed in this case. If the message type is Warning, for example, messages with the Info message type cannot also be displayed if the relevant filter is selected.

The log output is color coded to make it easier to identify.

Table 27: Log file color code
Color Meaning
Green Processing successful.
Yellow Warnings occurred during processing.
Red Fatal errors occurred during processing.

NOTE: If you want to retain the color information to send by mail, you need to save the complete web page.

Changing the user account or One Identity Manager Service start type

When One Identity Manager Service is installed the service is already entered in the "Services" on the computer.

To customize login data and the way the service is started

  1. Open the service management of the server and select the entry One Identity Manager Service in the list of services.
  2. Open service properties with the context menu item Properties.
  3. On the General tab, change the start type if necessary.

    The start type Automatic is recommended.

  4. Change the user account under which the service runs on the Login tab.
  5. Click Apply.
  6. Close the service's properties with OK.
  7. Start the service from the context menu item Start.

    If the One Identity Manager Service cannot be started, a corresponding message is written to the server event log.

NOTE: If you change the One Identity Manager Service user account, you must save the service's configuration file in the service’s install directory again.

NOTE: If you are working with an encrypted One Identity Manager database, see Notes on working with an encrypted One Identity Manager database.

Related Topics

The One Identity Manager Service in a cluster

The idea of a cluster solution is to make the system highly available. The aim is to limit system failure to only a few seconds if a hardware or software component fails. This can be achieved with the installation of a Windows cluster solution (only possible with Enterprise servers). The following diagram shows such a solution.

Figure 4: Example of a Cluster Solution

This cluster is made up of 2 physical computers "Server A" and "Server B" that use the same disk array and have their own individual system hard drive. Every server has a Windows operating system. Both servers are installed identically so that in the case of failure one server can take over from the other.

All redundant system components are managed by the cluster manager. From an external point of view, the cluster is addressed as a single, virtual server "Server C". The service or user that is accessing the service is automatically connected to the physical server that is currently carrying out the work in the cluster.

If one of the servers fails, then the redundant server in the cluster automatically takes over. The virtual server remains the contact partner, only the physical server that is running, changes.

Detailed information about this topic
Related Documents