Installing a compact deployment of the portal on Windows

This topic includes the following sections:

• • Communication protocols
  • Before you begin
  • To install on Windows
  • Where to go next

Communication protocols

By default, BladeLogic Portal uses HTTPS communication. The HTTPS protocol encrypts all communication with the BladeLogic Portal server. A self-signed SSL certificate is created for the portal. When a user connects to the portal through a browser for the first time, the browser warns that the connection cannot be verified. Users can follow documented procedures for their browser to import the certificate or add an exception for BladeLogic Portal site. Alternatively, users can  manually add a trusted certificate  to the BladeLogic Portal, which eliminates the security warnings that browsers encounter when they first connect to the BladeLogic Portal server.

In addition to using HTTPS, you can also enable HTTP communication. When users communicate with BladeLogic Portal using HTTP, they connect to an unsecure HTTP port. Communication is unencrypted. BMC does not recommend using HTTP for production purposes.

Before you begin

The following procedure gives you the option of creating a database for BladeLogic Portal and then installing the portal application. BMC recommends this approach. However, if you prefer, you can install the database yourself before starting this procedure. Currently, for Windows installations, the portal requires a database running on Microsoft SQL Server. The database should reside on the same LAN as this installation of BladeLogic Portal. 

• You must obtain the necessary installation files.
• The installation must run on a 64-bit Microsoft Windows 2008 or 2012 operating system.
• BMC Server Automation must be installed and its Application Server started.
• BMC Network Automation must be installed and its application server started.
• The BladeLogic Portal server, the portal database, and the BMC Server Automation Application Server must all reside on the same LAN.
• Web services must be enabled on BMC Server Automation by establishing a communication path (via REST APIs) between the BMC Server Automation Application Server and the server hosting BladeLogic Portal.
• Other applications cannot use ports that you allocate to the BladeLogic Portal server.

Installing additional instances of BladeLogic Portal

The procedure for installing additional instances of BladeLogic Portal is largely the same as installing the first instance. The only major difference is that you do not let the installation program create another database. Instead you reference the database created for the first instance. Where necessary, this procedure describes any steps that must be taken when installing additional instances of BladeLogic Portal.

Upgrading from an earlier release

You can upgrade from BladeLogic Portal 2.1 or 2.2 to the current release. See Upgrading for instructions.

To install on Windows

1. Copy the installation file, BTD22.WIN64.zip, to an appropriate location on the computer where you are installing the portal. 
   In versions earlier than 2.2.01, the file is called BLPortal22.WIN64.zip.
2. Extract the contents of BTD22.WIN64.zip.
   This extraction generates a file structure where the top level directory is named BladeLogicPortal.
3. Navigate to \BladeLogicPortal\windows\Disk1, right-click setup.exe, and select Run as Administrator.
   The portal installer program opens.
   
   
   
4. Select the language you want to use in the installation program and click OK.
   
5. In the welcome window, click Next. 
   A license agreement window opens.
   
   
   

6. To accept the license agreement, select  I agree to the terms of the license agreement and click Next.
   

   The Select Product features window opens.
   
   
   
   By default, both the BladeLogic Portal and the DCA Indexing Server are installed. The DCA Indexing Server is used to store all data used in Threat Director and Vulnerability Manager. If you already have a DCA Indexing Server installed, you can clear that option.

7. Click Next.

8. The Installation Directory Selection window opens. 

    
   
   

9. (Optional)  To select a location other than the default, which is C:\Program Files\BMC Software\BladeLogicPortal, click Browse and choose a new location.
10. Click Next.
    The BladeLogic Portal Configuration window opens.
    
    
11. Provide the following information:
    • HTTPS Port—Listening port for HTTPS traffic. The default value is 8443. 
    • Access portal via HTTP—Select if you want to use the HTTP protocol to access the portal instead of HTTPS. If you select this option, you must provide a value for both HTTP Port and HTTPS Port. The default value for HTTP Port is 8080.
    • Shutdown Port—Port for administrative access. The default value is 8005.
    • JVM Max Heap—Amount of memory, in megabytes, allocated to the Java Virtual Machine (JVM). The default is 8192 MB.
    • HTTP port—Port used for monitoring the DCA Indexing Server. By default this port is set to 9200. The DCA Indexing Server can use a range of 100 ports, skipping any ports in use within that range. The port you designate here is the low end of the 100-port range. If you do not want to leave an HTTP port open for security reasons, you can disable HTTP traffic with the DCA Indexing Server after installation is complete.
    • TCP port—Default port used for required transport layer traffic with the DCA Index Server. The DCA Index Server can use a range of 100 ports, skipping any ports in use within that range. Port 9300 is chosen by default as part of the install process. 
      After installation, if necessary, you can manually specify a different port. 

    • Heap Size—Amount of memory, in megabytes, allocated to the Java Virtual Machine (JVM) on the DCA Indexing Server. The default is 8192 MB.
      
      When you complete this step, the installation program checks the available memory and displays a warning if insufficient memory is available.  

      Click here to learn more about the warning message.

      If a memory check detects the possibility of insufficient memory, it displays the message shown below. Although the message is labeled as an error, the message is actually a warning. If you are installing on a machine with 16 GB of memory and you believe you have sufficient memory, you can proceed with the installation by clicking Next.
      

       

12. Click Next.
    A window requesting database information opens.
    
    
13. Choose the appropriate action:
    • If you have already set up a database and you do not want the installation process to create a database user or schema, or you have already installed one instance of BladeLogic Portal and are now installing another instance:
      1. Clear Create portal database user and Create portal database schema. 
      2. Click Next. A window requests information for the database connection. Proceed to step 15.
    • To let the installer set up a database, take the following actions:
      1. Select Create portal database user if you want the installation process to create a user for the portal database.  Do not select this option if you have already created a database user for the portal database.
      2. Select Create portal database schema if you want the installation process to create the schema for the portal database. Do not select this option if you have already created a portal database.
         If you select this option, the installation process creates a schema in a default location as determined by the database configuration.  
      3. Provide the following information:

         • DB Administrator User—Administrative database user who has rights to create a database user and schema.

           Note

           In SQL Server, the administrative user should have server roles of public and sysadmin.

         • DB Administrator Password—Password for the administrative database user.
         • Confirm Password—Confirm the password by entering it again. 

14. Click Next.
    A window requests information used to define a connection to a database.

    

15. For Windows installations, always select SQL Server and provide the following information for creating a SQL Server database:
    • Unicode Support—Select if the database should support Unicode characters.
    • Host Name—Fully qualified name or IP address of the server that hosts the database.
    • Database Port—Port for communicating with the database. 
    • Database Name—Name assigned to the database that holds portal data.  If you have chosen to let the installer create a database schema, this is the name assigned to that database.
    • Portal User Name —Name of the user that owns the database (not the operational user). If you have chosen to let the installer create a database user, this is the name assigned to that user.
    • Portal User Password—Password for the portal user.
    • Confirm Password—Confirm the password by entering it again.

16. Click Next.
    The Select Sites window opens.

    

17. By default, BladeLogic Portal is installed with connections to both BMC Server Automation and BMC Network Automation, based on information you provide in subsequent windows. Select the products for which you want to specify a connection.

18. Click Next.
    A window requests information about the connection to BMC Server Automation.

    

19. Provide the following connection information:
    • Host Name—Fully qualified name or IP address of the server that hosts the BMC Server Automation Application Server. The Application Server should be configured as type Config or All. 

    • HTTPS Port—Web service communication port configured on the BMC Server Automation Application Server. Typically, the Application Server is configured to use 9843 for its web service communication port.

      Tip

      If you have access to the Application Server, run the following blasadmin command to show its web service communication port:

      show AppServer HttpsPortNumber

    • User Name—Name of the administrative user for BMC Server Automation. This user should have access to all system objects in BMC Server Automation. For this version of the portal, use BLAdmin.
    • Password—Password for the administrative user.
    • Role Name—Name of the administrative role for BMC Server Automation. For this version of the portal, use BLAdmins.
20. Click Next.
    A window requests information about the connection to BMC Network Automation.
    
    
21. Provide the following connection information:
    • Host Name—Fully qualified name or IP address of the server that hosts the BMC Network Automation application server.
    • HTTPS Port—Web service communication port configured on the BMC Network Automation application server. Typically, the application server is configured to use 443 for its web server communication port.
    • User Name—Name of the administrative user for BMC Network Automation. This user should have access to all device objects in BMC Network Automation. For this version of the portal, use sysadmin.
    • Password—Password for the administrative user.
    • Realm Name—Name of the realm that represents the network or set of devices managed by BMC Network Automation. Each device belongs to a single realm. When you initially install BMC Network Automation, all devices belong to a single realm called Default.

22. Click Next.
    A window requests credentials for a user with one or more roles that has at least read-level access to BMC Server Automation. Providing this information lets BladeLogic Portal obtain the most current information for its vulnerability management charts, graphs, and other decision making tools. BMC calls this capability Data Refresh.
    After installation, you can modify the user and role information or add additional users and roles.  

    Note

    Some organizations enter credentials for a superuser such as BLAdmin. However, if you choose to enter a user and roles with a minimum set of permissions, additional configuration is necessary in BMC Server Automation. This configuration ensures that the necessary permissions are set up in BSA to allow the portal to obtain current information.

    
     

23. Provide the following credentials for the Data Refresh user:
    • User Name—Name of a BMC Server Automation user with credentials that can be used for obtaining data from BMC Server Automation. 
    • Password—Password for the user.
    • Auth Method—Method for authenticating the user with BMC Server Automation. Possible choices are Secure Remote Password, Domain Authentication, and LDAP Authentication. Other forms of authentication such as RSA are not compatible with the Data Refresh mechanism.
    • Role Name(s)—One or more roles with at least read-level access to BMC Server Automation. When entering multiple roles, use a comma-separated list. To learn more about specifying roles with a minimum set of permissions, see Configuring-Data-Refresh. 
    • Select Use the credential specified above for automated scan import if you plan to set up a scanner connection used for automatic scan imports. This option was introduced in version 2.2.01.
24. Click Next.
    A window requests information to configure the user details that enable BladeLogic Portal to access the most current information from BMC Network Automation.
    
    

1. Provide the following credentials for the Data Refresh user for BMC Network Automation:
   • User Name—Name of a BMC Network Automation user with credentials that can be used for obtaining data from BMC Network Automation. 
   • Password—Password for the user.
   • Select Use the credential specified above for automated scan import if you plan to set up a scanner connection used for automatic scan imports. This option was introduced in version 2.2.01.
2. Click Next.
   The DCA Indexing Server configuration panel opens, where you can specify the connection details to a remote DCA Index Server.
   This procedure describes how to install a DCA Index Server locally, as specified in step 6. However, you can optionally use this step to establish additional connections to other remote DCA Index Server that are already installed and running.
   
   
3. Because you are installing the DCA Indexing Server on the same host as part of the procedure, you can click Next to bypass this window. 
4. Click Next.
   A summary window shows the features to be installed. 
   
   
5. Click Install.
    Progress bars show installation activity until the Installation Summary window provides details about the completed installation.
   
6. Click Done.

Where to go next

If you want to set up native Windows authentication when the portal communicates with the portal's SQL Server database, see Setting-up-Windows-authentication-for-SQL-Server.

Set up a backup procedure for the DCA Indexing Server. If BladeLogic Portal was already installed and you have just installed another instance, you must be certain that each instance has an identical backup configuration.

If you want to disable HTTP traffic with the DCA Indexing Server, see Disabling or enabling HTTP traffic with the DCA Indexing Server. 

If you are using roles with a limited set of permissions for Data Refresh, see Configuring-Data-Refresh.

When those tasks are complete, see Configuring-after-installation.