IBM Tivoli Monitoring, Version 6.3 Fix Pack 2
Install the Tivoli Authorization Policy Server using the graphical user interface
Use the IBM Tivoli Monitoring Installation Launchpad or IBM Installation Manager with a local or network repository to install the Tivoli Authorization Policy Server using a graphical user interface. With either method, you can also install the IBM Infrastructure Management Dashboards for Servers and tivcmd Command Line Interface for Authorization Policy at the same time. The Installation Launchpad is the recommended approach if you do not have experience using IBM Installation Manager.
IBM Dashboard Application Services Hub must be installed before you can install Authorization Policy Server.
If IBM Dashboard Application Services Hub is not already installed, you have two options:
- Use the Jazz for Service Management launchpad application to install IBM Dashboard Application Services Hub and its prerequisites. Then, use the IBM Tivoli Monitoring installation launchpad to install the IBM Tivoli Monitoring components for a dashboard environment. This is the recommended approach if you are not familiar with IBM Installation Manager.
- Ensure that IBM Installation Manager is installed and then set up a local or network repository that contains the Jazz for Service Management components. Also set up a repository with the IBM Tivoli Monitoring components for a dashboard environment. Then use IBM Installation Manager to install IBM Dashboard Application Services Hub, its prerequisites, and the IBM Tivoli Monitoring components at the same time. IBM Installation Manager ensures the components are installed in the correct order.
If Dashboard Application Services Hub is already installed, you have two options for installing the Tivoli Authorization Policy Server:
- Use the IBM Tivoli Monitoring installation launchpad. This is the recommended approach if you are not familiar with IBM Installation Manager.
- Set up a local or network repository with the Tivoli Monitoring components for a dashboard environment and then use IBM Installation Manager to perform the installation.
If you are using an IBM Installation Manager repository to perform the installation, you must ensure that IBM Installation Manager is installed and then set up a local or network repository with the packages to be installed. See Use IBM Installation Manager to install or update components from a local repository or Use IBM Installation Manager to install or update components from a network repository.
Perform the following steps to install and configure the Tivoli Authorization Policy Server on the computer where the Dashboard Application Services Hub is installed (or where the Dashboard Application Services Hub will be installed at the same time as the authorization policy server):
- If you are using the IBM Tivoli Monitoring Installation Launchpad, perform these steps to start the installation:
- Log in to the system as the same user who installed the IBM Dashboard Application Services Hub.
- Execute the launchpad command or script for your operating system. The launchpad commands and scripts are located in the root directory of the IBM Tivoli Monitoring Dashboards for Servers and Authorization Policy Components DVD or DVD image.
- Windows, 32 bit system: launchpad.exe
- Windows, 64 bit system: launchpad64.exe
- Linux/UNIX: launchpad.sh
- On the main launchpad panel, select one of the following links under the Product Overview category:
- Install as administrative user: Select this link if you installed IBM Dashboard Application Services Hub as an administrative user on Windows or as root on Linux/UNIX.
- Install as non-administrative user: Select this link if you did not install IBM Dashboard Application Services Hub as an administrative user on Windows or as root on Linux/UNIX.
- In the Installation Manager main window, click Install to display the available packages.
The IBM Installation Manager window opens with several choices for managing the IBM software installations.
- If you are using IBM Installation Manager, perform the following steps to start the installation:
- Log in as the user who installed IBM Dashboard Application Services Hub if it is already installed.
- Start the IBM Installation Manager:
- On Windows, double-click the IBMIM.exe file located in the eclipse subdirectory in the directory where IBM Installation Manager was installed. The default path for IBM Installation Manager on Windows is C:\Program Files\IBM\Installation Manager\eclipse.
- On Linux/UNIX, execute the IBMIM binary under /opt/IBM/InstallationManager/eclipse.
The IBM Installation Manager window opens with several choices for managing the IBM software installations.
- In the Installation Manager main window, click Install to see the available packages in the repositories that are configured for IBM Installation Manager.
- Select the Tivoli Authorization Policy Server package and click Next.
- If you are using the IBM Tivoli Monitoring Installation Launchpad, the Tivoli Authorization Policy Server package is preselected.
- If you are using IBM Installation Manager to install IBM Dashboard Application Services Hub at the same time, you must also select its package and its prerequisite packages. See the Jazz for Service Management Installation Guide for details when you are asked to provide information specific to these packages (http://pic.dhe.ibm.com/infocenter/tivihelp/v3r1/topic/com.ibm.psc.doc_1.1.0/install/psc_c_install.html).
- You can also select the IBM Infrastructure Management Dashboards for Servers package and tivcmd Command Line Interface for Authorization Policy packages if they are also being installed on the same system.
- If you are installing Jazz for Service Management, accept the license agreement for each package and click Next.
- If you are using IBM Installation Manager to perform the installation, specify the location of the Shared Resources Directory and click Next.
The first time that you install a package on a computer you are asked to specify a shared resources directory. The shared resources directory is where IBM Installation Manager stores installation artifacts that can be used by one or more package groups. Choose a directory on your largest drive. You cannot change the shared resources directory location until you uninstall all packages.
- On the panel for configuring package groups, you cannot specify an installation directory for the Tivoli Authorization Policy Server package because it is installed using the package group definition for IBM Dashboard Application Services Hub: Core services in Jazz for Service Management.
- If you are using IBM Installation Manager to install IBM Dashboard Application Services Hub at the same time, you should confirm the package group location for its package group and its prerequisite package groups.
- If you are also installing the tivcmd Command Line Interface for Authorization Policy package on the computer, you should select its package directory and either use the default installation directory location or enter a custom installation directory location. On a 64 bit machine, the 64 bit architecture of the tivcmd Command Line Interface for Authorization Policy is installed by default. You can choose to switch to the 32 bit architecture. However, on zSeries systems with Linux, you can only install the 32 bit architecture of the CLI.
The tivcmd CLI cannot be installed under the same installation directory as Jazz for Service Management or the monitoring server, portal server, portal client, monitoring agents, and tacmd CLI components of IBM Tivoli Monitoring.
- If you are using IBM Installation Manager to perform the installation for Jazz for Service Management, you might be asked to specify the translation packages to install. After making your selection, click Next.
The language files for all supported languages are always installed with the IBM Infrastructure Management Dashboards for Servers, Tivoli Authorization Policy Server, and tivcmd Command Line Interface for Authorization Policy packages.
- Select the Tivoli Authorization Policy Server feature and click Next.
- If you are using the IBM Tivoli Monitoring Installation Launchpad, this feature is preselected.
- It is recommended to select the Tivoli Authorization Policy Server Installation and Configuration features together (which is the default behavior). However, you can clear the Configuration feature if you did not select the Configuration feature when IBM Dashboard Application Services Hub was installed, or if you want to review the deployment scripts before they are used to deploy the authorization policy server application into IBM Dashboard Application Services Hub. If you select the Installation feature on its own, only the authorization policy server binaries and install scripts are laid down in the installation directory (on Windows this location is usually C:\Program Files\IBM\JazzSM\AuthPolicyServer and on Linux/UNIX this location is usually /opt/IBM/JazzSM/AuthPolicyServer). If you select the Configuration feature on its own, the Installation feature is selected as well.
- If you are using IBM Installation Manager to install IBM Dashboard Application Services Hub at the same time, you must also select the IBM Dashboard Application Services Hub features and its prerequisite features.
- You can also select the IBM Infrastructure Management Dashboards for Servers feature and tivcmd Command Line Interface for Authorization Policy feature if you want to install those features on the same system.
- On the next window, specify the configuration parameters for each package where you selected the Configuration feature. Select each package on the left to see its set of configuration parameters. Specify the configuration parameters and click Next.
If you are using IBM Installation Manager to install IBM Dashboard Application Services Hub at the same time as the Tivoli Authorization Policy Server, see the Jazz for Service Management Installation Guide at http://pic.dhe.ibm.com/infocenter/tivihelp/v3r1/topic/com.ibm.psc.doc_1.1.0/install/psc_c_install.html for details when you are asked to provide information specific to these packages. The following configuration parameters apply to the Tivoli Authorization Policy Server configuration feature:
- The Common Configuration for Core Services in Jazz for Service Management configuration parameters are displayed if IBM Dashboard Application Services Hub is already installed. You must specify an IBM Dashboard Application Services Hub administrative user name and password, such as smadmin and its password. Click Validate to confirm the credentials can be used to log in to the dashboard hub. These credentials are used to deploy the Authorization Policy Server application into the WebSphere Application Server for IBM Dashboard Application Services Hub. This user ID is also assigned to the PolicyAdministrator role that is used by the Authorization Policy Server to control which users can create and work with authorization policies.
- The Restart Dashboard Application Services Hub configuration parameters allow you to specify how to restart the Dashboard Application Services Hub after the authorization policy server is installed and configured. Select either an automatic or manual restart of the Dashboard Application Services Hub and click Confirm. Click OK when prompted to confirm your selection.
- The advanced parameters for the Tivoli Authorization Policy package allow you to specify audit log properties and how to handle distribution of authorization policies. The Tivoli Authorization Policy Server periodically compresses a file of the current set of authorization policies that is available for distribution. On a periodic interval, the dashboard data provider component of the portal server makes a request to the Tivoli Authorization Policy Server for the latest compressed file of policies. If there is a new file, it is obtained and extracted and this set of policies becomes the current set of policies that are used by the dashboard data provider.
Configure the Authorization Policy Server audit and policy distribution properties. Each property has the following default value and range:
- Audit log file count
- The maximum number of audit log files to keep at one time.
- Default value is 5. Range is greater than 1 and less than 99999.
- Audit log file size (megabytes)
- The maximum size of each log file in megabytes.
- Default size is 10. Range is greater than 1 and less than 99999.
- Audit log file directory
- The directory into which the log files are stored.
- Default value is <JAZZSM_INSTALL_DIR>\AuthPolicyServer\PolicyServer\audit
- Policy-distribution Polling interval (minutes)
- This property specifies how often the Authorization Policy Server updates the compressed file containing the authorization policies that is downloaded by the dashboard data provider.
- Default value is 5. Range is 1 - 1440 minutes.
- Policy-distribution Polling directory
- The directory into which the version of the policies for distribution is stored.
- Default value is <JAZZSM_INSTALL_DIR>\AuthPolicyServer\PolicyServer\dist
- If you are also installing the tivcmd CLI package, configure the IBM GSKit Security parameters. Specify the encryption key that is being used in the IBM Tivoli Monitoring environment in the GSKit field. The default value is IBMTivoliMonitoringEncryptionKey.
- After specifying all of the configuration parameters, click Next.
The Next button is not enabled until all required configuration parameters are completed.
- Review the information on the Install Packages Summary window. This is your opportunity to click Back and make any changes before proceeding.
- Click Install to begin installing. After installation is complete, the packages are shown in a panel with a message confirming that they are installed. You can now review the log files.
- Click Finish to finalize the installation.
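The constraints stated in the steps above (the property ranges, and the rule that the tivcmd CLI cannot share an installation directory with Jazz for Service Management or the other IBM Tivoli Monitoring components) can be checked against a planned set of values before the installer is started. The following is an added example, not IBM code; the plan dictionary and its key names are hypothetical, the sample values are constructed, and /opt/IBM/ITM is an assumed monitoring installation path.

```python
import os

# Ranges from the property list on this page: (low, high, inclusive).
# The audit ranges are worded "greater than 1 and less than 99999".
LIMITS = {
    "audit_file_count": (1, 99999, False),    # default 5
    "audit_file_size_mb": (1, 99999, False),  # default 10
    "poll_interval_min": (1, 1440, True),     # default 5
}
DEFAULT_GSKIT_KEY = "IBMTivoliMonitoringEncryptionKey"


def is_inside(child, parent):
    """True if child is parent or below it, after resolving symlinks and '..'."""
    child, parent = os.path.realpath(child), os.path.realpath(parent)
    try:
        return os.path.commonpath([child, parent]) == parent
    except ValueError:  # different drives on Windows
        return False


def check_plan(plan):
    """Return findings for a planned installation; an empty list means none."""
    findings = []
    for name, (low, high, inclusive) in LIMITS.items():
        value = plan[name]
        ok = low <= value <= high if inclusive else low < value < high
        if not ok:
            findings.append(f"{name}={value} is outside the documented range")
    # tivcmd cannot share an installation directory with Jazz for Service
    # Management or the other IBM Tivoli Monitoring components.
    for other in plan["reserved_dirs"]:
        if is_inside(plan["tivcmd_dir"], other):
            findings.append(f"tivcmd_dir is under {other}")
    if plan["gskit_key"] == DEFAULT_GSKIT_KEY:
        findings.append("gskit_key is the documented default; confirm it is "
                        "the key used in the monitoring environment")
    return findings


# Constructed sample plan. /opt/IBM/ITM is an assumed monitoring install path.
SAMPLE_PLAN = {
    "audit_file_count": 1, "audit_file_size_mb": 10, "poll_interval_min": 1440,
    "tivcmd_dir": "/opt/IBM/JazzSM/tivcmd",
    "reserved_dirs": ["/opt/IBM/JazzSM", "/opt/IBM/ITM"],
    "gskit_key": DEFAULT_GSKIT_KEY,
}

if __name__ == "__main__":
    for finding in check_plan(SAMPLE_PLAN):
        print("FINDING:", finding)
```

The directory test compares resolved paths component by component, so a sibling such as /opt/IBM/JazzSM2 is not mistaken for a location under /opt/IBM/JazzSM, while a symbolic link that points into it is caught.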
What to do next
See Verify the Tivoli Authorization Policy Server installation for steps to verify that the installation was successful.
If you only selected the installation feature of the Tivoli Authorization Policy Server, review the authorization policy server's deployment scripts and then use the Modify operation of IBM Installation Manager to deploy the authorization policy server into IBM Dashboard Application Services Hub. See Configure the Tivoli Authorization Policy Server feature after installation.
If you selected both the installation and configuration features of Authorization Policy Server, perform the following tasks:
- If you selected the option for a manual restart of Dashboard Application Services Hub in step 9, you must restart the application server for Dashboard Application Services Hub. You must perform this action before you can use the Authorization Policy Server with the tivcmd CLI to create authorization policies.
- Install the tivcmd Command Line Interface on the computers that administrators use to create authorization policies. Follow the instructions in Install the tivcmd Command Line Interface for Authorization Policy using the graphical user interface or Install or update the tivcmd Command Line Interface for Authorization Policy using console mode. The user credentials that you specified during the Authorization Policy Server installation are assigned to the PolicyAdministrator role. You must use these credentials with the tivcmd Command Line Interface to log in to the Authorization Policy Server and assign other administrators permission to create and work with authorization policy roles.
The IBM Tivoli Monitoring Administrator's Guide provides examples of creating authorization policies for common scenarios in the Using role-based authorization policies chapter. Steps for configuring a dashboard environment to use authorization policies are outlined in the Preparing your dashboard environment chapter. For a complete list of tivcmd CLI commands, see the Command Reference.