Installing the first node for an HA cluster

The following provides information and instructions for installing the first node for an HA cluster.

Before you begin

• Obtain the zipped BMC Atrium Single Sign-On files from the BMC product package via Electronic Product Download (EPD) or the BMC Atrium Single Sign-On DVD.

• If there is already an installation of BMC Atrium Single Sign-On on the target computer, the installer will not allow another installation. Uninstall the existing version.

  Note

  The Apache Tomcat server used by BMC Atrium Single Sign-On cannot be shared with any product that integrates with BMC Atrium Single Sign-On. BMC recommends that BMC Atrium Single Sign-On be the only application in the Tomcat server.

• If you are using an external Tomcat, complete the prerequisites given in  Prerequisites to install BMC Atrium Single Sign-On on an external Tomcat server.
• Prepare to run the installation program for your operating system. For example,
  • You must update Terminal Services configuration options and configure the DEP feature if you are using Windows. For more information, see Prerequisites to install BMC Atrium Single Sign-On on the Windows platform.
  • If you are using Linux, the user must have the following permissions:
    • read/write/execute for the destination directory,
    • to execute Java, and
    • read/write to Tomcat directory (in case of using external Tomcat server instead of out-of-the-box Tomcat).

To install the first node for an HA cluster

1. Unzip the BMC Atrium Single Sign-On files.
   

   Note

   For UNIX and Solaris, unzip the file using the following command: $gtar xzvf BMCAtriumSSO.solaris.tar.gz.

   
   

2. Run the installation program.
   The setup executable is located in the Disk1 directory of the extracted files.
   • (Microsoft Windows ) Run setup.exe
   • (UNIX and Solaris) Run setup.sh
3. In the lower right corner of the Welcome panel, click Next.
4. Review the license agreement, click I agree to the terms of license agreement, and then click Next.
5. BMC Atrium Single Sign-On installer.
   
6. Select the Install BMC Atrium Single Sign-On 9.0.00 check box and click Next.
7. Accept the default destination directory or browse to select a different directory, and then click Next.

8. In the Host Name Information panel, verify that the hostname presented is the Fully Qualified Domain Name (FQDN) for the host, and then click Next.
   Correct the value as needed.
   
   

   Important

   Ensure that the host name does not contain the underscore ( _ ) symbol.

9. In the BMC Atrium SSO Server Cluster Options panel, perform the following actions:
   
   1. Select Clustered BMC Atrium SSO Server.
   2. Select New Cluster Installation (First node).
   3. Click Next.

10. Enter a file name and location for storing the cluster configuration information and click Next.
    This cluster configuration file is needed when subsequent nodes are added to the cluster.

    Important

    This file contains sensitive information that is used when installing additional nodes.

11. Enter the LDAP port number (8091), LDAP replication port (8092), LDAP administration port (8093), and click Next.
12. Enter the load balancer URL and click Next.
    For example:
    https://loadBalancerFQDN:port/atriumsso
    https://BMCLoadBalancer.bmc.com:8443/atriumsso

13. Select one of the following Tomcat installation options, and then click Next:

    • Install New Tomcat (default)

       Click here to read the tasks related to installing on a new tomcat server.

      Accept the default HTTPS port number (8443) and Shutdown port number (8005), or enter different port numbers, and then click Next.
      If any of the port numbers are incorrect, a panel identifies the incorrect port numbers and requires you to return to the previous page to correct the values before proceeding with the installation.

      Note: When installing on Linux servers, port selections below 1000 require the server to run as root or use a port-forwarding mechanism.

    • Use External Tomcat.

       Click here to read the tasks related to installing on an external tomcat server.

      1. Enter the Tomcat server directory at the prompt and click Next.
      2. At the Tomcat Application Server Selection panel, enter the path to the Tomcat server.
         After the path is entered, the installer verifies that:
         • The directory has a webapps directory that can be written to.
         • The main program, tomcat6.exe, is present (even on UNIX).
         • The server.xml file contains a Connector with port and secure defined and scheme set to https. The installer parses important information from this Connector entry and stores it.
           The installer deploys the BMC Atrium Single Sign-On web application to the Tomcat server, prompting that you start or stop it when necessary.
      3. Enter additional information at the prompts. Be prepared with information about:
         • JDK directory location
         • Tomcat server port
         • BMC Atrium Single Sign-On Truststore certificate location and password
         • BMC Atrium Single Sign-On Keystore password, alias, and certificate

14. Enter a cookie domain and click Next.
    The domain value of the cookie should be the network domain of BMC Atrium Single Sign-On or one of its parent domains. For more information, see Default cookie domain.

    Important

    • The higher the level of the selected parent domain, the higher the risk of user impersonation.
    • You cannot use sibling domains or cross-domains with BMC Atrium Single Sign-On. For example, installing the BMC Atrium Single Sign-On server in the remedy.com domain and the AR System server in the bmc.com domain is not supported. You must move all your computers into the same domain.
15. Enter a strong administrator password, confirm the password, and click Next.
    The default administrator name is amadmin.

16. Choose one of the following options:

     If you have selected new tomcat, click here to read the instructions.

    Review the installation summary and click Install.
    After the first node has been successfully installed, additional nodes can be added to the cluster by using the file created during the first installation.

     If you have selected external tomcat, click to read further.

    1. (Windows ) You will be asked whether your external Tomcat server is started using scripts or as a Windows service.
    2. Stop the Tomcat server.
    3. After installation is complete, follow the installer directions to restart the Tomcat server.
       The Tomcat server can now be used as the BMC Atrium Single Sign-On application server. If you make modification to the server configuration, be sure to test each change to ensure that the BMC Atrium Single Sign-On application continues to function correctly.
    4. Replace the existing certificate with a Certificate Authority (CA) signed identity certificate.

    
    
    

Verifying the installation

1. Verify that your BMC Atrium Single Sign-On installation was successful by accessing the BMC Atrium Single Sign-On URL.
   1. Navigate to Start > All Programs > BMC Software > BMC Atrium SSO > Administrator to launch the BMC Atrium SSO Admin Console.
      The URL to open the BMC Atrium SSO Admin Console is:
      https://<ssoServer>.<domain>:<port>/atriumsso
      For example:
      https://ssoServer.bmc.com:8443/atriumsso

   2. When you are prompted that you are connecting to an untrusted connection, add the exception and then continue.

      Note

      Browsers display this warning because you have not yet configured the SSO authentication as a trusted provider.

   3. Confirm that you can view the BMC Atrium Single Sign-On login panel.

   4. Log on with the SSO administrator name (for example, amadmin) and password.
      The BMC Atrium SSO Admin Console appears.
      
      

      Note

      The amadmin is the default administrator user for BMC Atrium Single Sign-on. You can use the amadmin user only for accessing BMC Atrium SSO Admin Console. You cannot logon to your authenticating BMC applications using the amadmin user.

2. Verify that your BMC Atrium Single Sign-On installation was successful by accessing the SSO load balancer.
   For example:
   https://ssoloadbalancer.bmc.com:8443/atriumsso}
   The BMC Atrium SSO login screen appears. After you log on, the SSO server appears in the HA Nodes List.
   
3. (Optional) Create an administrative user account for BMC Products to perform search functions on the user store (for example, to list user names and emails).
   • If you are using the BMC Atrium Single Sign-On server's internal LDAP, assign the BMCSearchAdmins group to the new user account.
   • If you are using an external system for authentication (such as AR System, LDAP, or Active Directory), assign the BmcSearchAdmins group to either an already existing user account or a new user account.

Where to go from here

• If you reached this topic from Installing BMC Atrium Single Sign-On as a High Availability cluster, ensure to complete the rest of the process (Installing additional nodes for an HA cluster  and HA post-installation activities).
• If you reached this topic directly, see Installing additional nodes for an HA cluster on a new Tomcat server.