
Safeguard Authentication Services 5.0.2 - Upgrade Guide


Management Console for Unix requirements

One Identity recommends that you install One Identity Management Console for Unix, a separate One Identity product. It provides a management console that dramatically simplifies deployment of Safeguard Authentication Services agents to your clients. The management console streamlines the overall management of your Unix, Linux, and macOS hosts by enabling centralized management of local Unix users and groups and providing granular reports on key data and attributes.

Prior to installing Management Console for Unix, ensure your system meets the minimum hardware and software requirements for your platform.

Table 8: Management Console for Unix: Hardware and software requirements
Component Requirements
Supported platforms

Can be installed on the following configurations:

  • Windows x86 (32-bit)
  • Windows x86-64 (64-bit)
  • Unix/Linux systems for which Java 8 is available

Server requirements

The Management Console for Unix server requires Java 8 (also referred to as JRE 8, JDK 8, JRE 1.8, and JDK 1.8).

Managed Host Requirements

Click www.oneidentity.com/products/safeguard-authentication-services/ to view a list of Unix, Linux, and Mac platforms that support Safeguard Authentication Services.

Click www.oneidentity.com/products/privilege-manager-for-unix/ to review a list of Unix and Linux platforms that support Privilege Manager for Unix.

Click www.oneidentity.com/products/privilege-manager-for-sudo/ to review a list of Unix, Linux, and Mac platforms that support Safeguard for Sudo.

Considerations:

  • To enable the Management Console for Unix server to interact with the host, you must install both an SSH server (that is, sshd) and an SSH client on each managed host. Both OpenSSH 2.5 (and higher) and Tectia SSH 5.0 (and higher) are supported.
  • Management Console for Unix does not support Security-Enhanced Linux (SELinux).
  • When you install Safeguard Authentication Services on Oracle Solaris 11, the Oracle Solaris 10 packages are installed.

Default memory requirement

1024 MB

NOTE: See JVM memory tuning suggestions in the One Identity Management Console for Unix Administration Guide for information about changing the default memory allocation setting in the configuration file.

Network requirements

Safeguard Authentication Services must be able to communicate with Active Directory, including domain controllers, global catalogs, and DNS servers using Kerberos, LDAP, and DNS protocols. The following table summarizes the network ports that must be open and their function.

Table 9: Network ports
| Port | Function |
| --- | --- |
| 389 | Used for LDAP searches against Active Directory Domain Controllers. TCP is normally used, but UDP is used when detecting Active Directory site membership. |
| 3268 | Used for LDAP searches against Active Directory Global Catalogs. TCP is always used when searching against the Global Catalog. |
| 88 | Used for Kerberos authentication and Kerberos service ticket requests against Active Directory Domain Controllers. TCP is used by default. |
| 464 | Used for changing and setting passwords against Active Directory using the Kerberos change password protocol. Safeguard Authentication Services always uses TCP for password operations. |
| 53 | Used for DNS. Since Safeguard Authentication Services uses DNS to locate domain controllers, DNS servers used by the Unix hosts must serve Active Directory DNS SRV records. Both UDP and TCP are used. |
| 123 | UDP only. Used for time-synchronization with Active Directory. |
| 445 | CIFS port used to enable the client to retrieve configured group policy. |

Note: Safeguard Authentication Services, by default, operates as a client, initiating connections. It does not require any firewall exceptions for incoming traffic.
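
The following shell script is an added example, not part of the One Identity guide: it compares a firewall egress allow-list against the ports in Table 9 and probes the TCP ones from a Unix host. The function names, the `port/proto` allow-list format, the use of `nc`, and the host name in the usage comment are assumptions of this example.

```shell
#!/bin/sh
# Added example: preflight check for the outbound ports listed in Table 9.

# Required outbound ports, one "port/proto" per line, taken from Table 9.
# 445 is listed as tcp because CIFS/SMB on that port runs over TCP.
required_ports() {
    cat <<'EOF'
389/tcp
389/udp
3268/tcp
88/tcp
464/tcp
53/tcp
53/udp
123/udp
445/tcp
EOF
}

# Read an egress allow-list on stdin (one "port/proto" per line, for example
# exported from a firewall policy) and print every required entry it lacks.
missing_ports() {
    allowed=$(cat)
    required_ports | while read -r want; do
        printf '%s\n' "$allowed" | grep -qxF -- "$want" || printf '%s\n' "$want"
    done
}

# Live TCP connect test from this host to one domain controller; needs nc(1).
# A connect test cannot confirm UDP reachability, so the UDP entries are only
# covered by the allow-list comparison above.
probe_tcp() {
    required_ports | grep '/tcp$' | while IFS=/ read -r port proto; do
        if nc -z -w 3 "$1" "$port" 2>/dev/null; then
            echo "open    $1:$port/$proto"
        else
            echo "BLOCKED $1:$port/$proto"
        fi
    done
}

# Usage: sh preflight.sh dc01.example.com   (placeholder host name)
if [ $# -gt 0 ]; then
    probe_tcp "$1"
fi
```

Because the agent only initiates connections, the allow-list being audited is the outbound policy between the Unix hosts and the domain controllers, global catalogs, and DNS servers.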

Upgrade the web console

In preparing for your Safeguard Authentication Services upgrade, One Identity recommends that you install or upgrade Management Console for Unix first. This provides a management console that is a powerful and easy-to-use tool that dramatically simplifies deployment, enables management of local Unix users and groups, provides granular reports on key data and attributes, and streamlines the overall management of your Unix, Linux, and macOS hosts.

Note: Of course, you can install Safeguard Authentication Services without using Management Console for Unix. For more information, see Upgrade client components manually. However, for the purposes of the examples in this guide, it is assumed that you will install and configure the Safeguard Authentication Services Unix agent components by means of Management Console for Unix.

Upgrading Management Console for Unix

The process for upgrading Management Console for Unix from an older version is similar to installing it for the first time. The installer detects an older version of the console and automatically upgrades the components.

Note: The procedures in this topic assume you have Management Console for Unix 2.0.x (or later) installed.

Before you begin the upgrade procedure, close the console and make a backup of your database, as explained in step 1.

To upgrade Management Console for Unix

  1. Back up the database files:
    1. Shut down the service. See Start/Stop/Restart Management Console for Unix Service in the console online help for details.

      Management Console for Unix uses an HSQLDB (Hyper Structured Query Language Database) to store its data, such as information about the hosts, settings, users, groups, and so forth.

    2. Copy the /var/opt/quest/mcu data directory to a backup location.

      Refer to Database Maintenance in the online help for more information about the database locations and filenames.

    3. After the backup is complete, restart the service. See Start/Stop/Restart Management Console for Unix Service in the console online help for details.

      Once you back up the database files, you are ready to start the upgrade.

  2. To start the upgrade, follow the instructions for a first-time installation. See Installing the Management Console in the console online help for details.

    When the installer detects a previous version of the management console is already installed, it asks if you want to continue.

  3. Click Yes in the Install Management Console for Unix dialog.
  4. Accept the terms of the license agreement and click Next.
  5. Modify the default SSL (https) and Non-SSL (http) port numbers, if necessary, and click Install.

    The installation wizard uninstalls the old version and configures the server database and service.

  6. In the Complete dialog, select the Launch the Management Console option and click Finish.

Note: After an upgrade from any version of Management Console for Unix, it is important to re-profile all managed hosts.
