Installing additional nodes for an HA cluster on an external Tomcat server
The following provides information and instructions for installing additional nodes for an HA cluster on an external Tomcat.
Before you begin
- Before installing BMC Atrium Single Sign-On on the first node for an external Tomcat, make sure you have performed the tasks in Prerequisites for installation and Before you begin in Installing BMC Atrium Single Sign-On on an external Tomcat server.
- Ensure that the first node and all the additional nodes are running in the HA cluster.
To install BMC Single Sign-On on additional nodes for an external Tomcat
During subsequent node installations, previously installed nodes must be available so that the newly added node can fully integrate into the cluster.
- Ensure that all nodes are up and available.
- Copy the cluster configuration file (created during the first node's installation) to the local file system prior to installing BMC Atrium Single Sign-On on the node.
- Run the installation program, autorun.
If autorun does not automatically launch the appropriate file, launch the setup executable located in the Disk1 directory of the extracted files. This script automatically detects the appropriate subscript to execute.
(Microsoft Windows ) Run setup.cmd
(UNIX ) Run setup.sh
- Accept the default destination directory, or browse to select a different directory, and click Next.
- Enter the host name if the provided name is incorrect and click Next.
- Select Clustered Atrium SSO Server.
- Select Add this node to an existing cluster.
- Enter the location of the cluster configuration file and click Next.
- Enter the LDAP port and LDAP replication port, and click Next.
- Click Use External Tomcat and click Next. The Tomcat server options are:
- Install New Tomcat (default)
Use External Tomcat
The BMC Atrium Single Sign-On Tomcat server cannot be shared with any product that integrates with BMC Atrium Single Sign-On. BMC recommends that BMC Atrium Single Sign-On be the only application in the Tomcat server.
- Enter the Tomcat server directory at the prompt and click Next.
- At the Tomcat Application Server Selection panel, enter the path to the Tomcat server.
After the path is entered, the installer verifies that:
- The directory has a webapps directory that can be written to.
- The main program, tomcat6.exe, is present (even on UNIX).
- The server.xml file contains a Connector with port and secure defined, with scheme set to https. The installer parses important information from this Connector entry and stores it.
The installer deploys the BMC Atrium Single Sign-On web application to the Tomcat server, asking that you start or stop it when necessary.
- Enter additional information at the prompts. Be prepared with information about:
- JDK directory location
- Tomcat server port
- BMC Atrium Single Sign-On Truststore certificate location and password
- BMC Atrium Single Sign-On Keystore password, alias, and certificate
- (Windows ) You will be asked whether your external Tomcat is started using scripts or as a Windows service.
- Stop the Tomcat server.
- After installation is complete, follow the installer directions to restart the Tomcat server.
The Tomcat server can now be used as the BMC Atrium Single Sign-On application server. If you make modification to the server configuration, be sure to test each change to insure that the BMC Atrium Single Sign-On application continues to function correctly.
- Replace the existing certificate with a Certificate Authority (CA) signed identity certificate.
- Verify that your BMC Atrium Single Sign-On installation was successful:
- Launch the administrator console.
- Confirm that you can view the BMC Atrium Single Sign-On login panel.
Where to go from here
- To install the AR System server, see Installing or upgrading AR System server
- To secure certificates with an external CA, see Installing and managing certificates in BMC Atrium Single Sign-On.
- To configure authentication, see Configuring after installation. For a specific authentication method, see the specific method. For example, for LDAP or Active Directory, see Using LDAP (Active Directory) for authentication.