The first thing you must do is install and configure the host you want to use as your primary policy server.
Privilege Manager comes with a Preflight program that checks to see if your system meets the install requirements.
To check for installation readiness
For example, on a 64-bit Red Hat Linux, run:
# cd server/linux-x86_64
# chmod 755 pmpreflight
# sh pmpreflight.sh –-server
NOTE: Running pmpreflight.sh –-server performs these tests:
Privilege Manager uses TCP/IP to communicate with networked computers, so it is essential that you have TCP/IP correctly configured. If you cannot use programs such as ssh and ping to communicate between your computers, then TCP/IP is not working properly; consult your system administrator to find out why and make appropriate changes.
Ensure that your host has a statically assigned IP address and that your host name is not configured to the loopback IP address 127.0.0.1 in the /etc/hosts file.
When the agent and policy server are on different sides of a firewall, Privilege Manager needs a number of ports to be kept open. By default, Privilege Manager can use ports in the 600 to 31024 range, but when using a firewall, you may want to limit the ports that can be used.
You can restrict Privilege Manager to using a range of ports in the reserved ports range (600 to 1023) and the non-reserved ports range (1024 to 65535). We recommend that a minimum of six ports are assigned to Privilege Manager in the reserved ports range and twice that number of ports are assigned in the non-reserved ports range.
Use the setreserveportrange and setnonreserveportrange settings in the /etc/opt/quest/qpm4u/pm.settings file to open the ports in the required ranges. See PM settings variables for details.
If configuring Privilege Manager for Unix to use NAT (Network Address Translation), you may need to configure the pmtunneld component. See Configuring firewalls for more information about using Privilege Manager for Unix with NAT and restricting port numbers.