This documentation supports the 9.0 version of BMC Atrium Single Sign-On, which is in "End of Version Support." However, the documentation is available for your convenience. You will not be able to leave comments.Click here to view the documentation for a supported version of Remedy Single Sign-On.

Installing additional nodes for an HA cluster

The following provides information and instructions for installing additional nodes for an HA cluster on a new Tomcat.

Before you begin

  • Install the first node for an HA cluster.
  • Obtain the zipped BMC Atrium Single Sign-On files from the BMC product package via Electronic Product Download (EPD) or the BMC Atrium Single Sign-On DVD for the additional nodes.

  • If there is already an installation of BMC Atrium Single Sign-On on the target computer, the installer will not allow another installation. Uninstall the existing version.

    Note

    The Apache Tomcat server used by BMC Atrium Single Sign-On cannot be shared with any product that integrates with BMC Atrium Single Sign-On. BMC recommends that BMC Atrium Single Sign-On be the only application in the Tomcat server.

  • Ensure that the first node and all the additional nodes are running in the HA cluster.
  • If you are using an external Tomcat, complete the prerequisites given in  Prerequisites to install BMC Atrium Single Sign-On on an external Tomcat server.
  • Prepare to run the installation program for your operating system. For example,
    • You must update Terminal Services configuration options and configure the DEP feature if you are using Windows. For more information, see Prerequisites-to-install-BMC-Atrium-Single-Sign-On-on-the-Windows-platform.
    • If you are using Linux, the user must have the following permissions:
      • read/write/execute for the destination directory,
      • to execute Java, and
      • read/write to Tomcat directory (in case of using external Tomcat server instead of out-of-the-box Tomcat).

To install an additional node for an HA cluster

During subsequent node installations, previously installed nodes must be available so the newly added node can fully integrate into the cluster.

  1. Ensure that all nodes are running and available.

  2. Unzip the BMC Atrium Single Sign-On files on the secondary node.

    Note

    For UNIX and Solaris, unzip the file using the following command: $gtar xzvf BMCAtriumSSO.solaris.tar.gz.

  3. Copy the cluster configuration file (created during the first node's installation) to the Disk1 directory of the extracted files before installing BMC Atrium Single Sign-On on the node.

    Note

    The installation and configuration information of the first node is used when installing additional nodes.

  4. Run the installation program.
     Launch the setup executable located in the Disk1 directory of the extracted files.
    • (Microsoft Windows ) Run setup.exe
    • (UNIX and Solaris) Run setup.sh
  5. In the lower right corner of the Welcome panel, click Next.
  6. Review the license agreement, click I agree to the terms of license agreement, and then click Next.
    BMC Atrium Single Sign-On installer
    SSO_9_0_Install.jpg
  7. Select the Install BMC Atrium Single Sign-On 9.0.00 check box and click Next.
  8. Accept the default destination directory or browse to select a different directory, and then click Next.

  9. In the Host Name Information panel, verify that the hostname presented is the Fully Qualified Domain Name (FQDN) for the host, and then click Next.
     Correct the value as needed.

    Important

    Ensure that the host name does not contain the underscore ( _ ) symbol.

  10. In the BMC Atrium SSO Server Cluster Options panel, perform the following actions:
    SSO_addnodeexistingcluster.jpg
    1. Select Clustered Atrium SSO Server.
    2. Select Add this node to an existing cluster.
    3. Click Next.
  11. In the BMC Atrium SSO Cluster Configuration File Information panel, browse to the Disk1 directory where you copied the file, and then click Next.
  12. Enter the LDAP port number (8091), LDAP replication port (8092), LDAP administration port (8093), and click Next.

  13. Select one of the following Tomcat installation options, and then click Next:

    • Install New Tomcat (default)

      Click here to read the tasks related to installing on a new tomcat server.

      a. Accept the default HTTPS port number (8443) and Shutdown port number (8005), or enter different port numbers, and then click Next.
      If any of the port numbers are incorrect, a panel identifies the incorrect port numbers and requires you to return to the previous page to correct the values before proceeding with the installation.

      Note: When installing on Linux servers, port selections below 1000 require the server to run as root or use a port-forwarding mechanism.

      b. Review the installation summary and click Install.

    • Use External Tomcat.

      Click here to read the tasks related to installing on an external tomcat server.
      1. Enter the Tomcat server directory at the prompt and click Next.
      2. At the Tomcat Application Server Selection panel, enter the path to the Tomcat server.
        After the path is entered, the installer verifies that:
        • The directory has a webapps directory that can be written to.
        • The main program, tomcat6.exe, is present (even on UNIX).
        • The server.xml file contains a Connector with port and secure defined and scheme set to https. The installer parses important information from this Connector entry and stores it.
           The installer deploys the BMC Atrium Single Sign-On web application to the Tomcat server, asking that you start or stop it when necessary.
      3. Enter additional information at the prompts. Be prepared with information about:
        • JDK directory location
        • Tomcat server port
        • BMC Atrium Single Sign-On Truststore certificate location and password
        • BMC Atrium Single Sign-On Keystore password, alias, and certificate
      4. (Windows ) You will be asked whether your external Tomcat server is started using scripts or as a Windows service.
      5. Stop the Tomcat server.
      6. After installation is complete, follow the installer directions to restart the Tomcat server.
         The Tomcat server can now be used as the BMC Atrium Single Sign-On application server. If you make modification to the server configuration, be sure to test each change to ensure that the BMC Atrium Single Sign-On application continues to function correctly.
      7. Replace the existing certificate with a Certificate Authority (CA) signed identity certificate.

    After the second node has been successfully installed, additional nodes can be added to the cluster by using the file created during the first installation.

Verifying the installation

  1. Verify that your BMC Atrium Single Sign-On installation was successful by accessing the BMC Atrium Single Sign-On URL.
    1. Navigate to Start > All Programs > BMC Software > BMC Atrium SSO > Administrator to launch the BMC Atrium SSO Admin Console .
       The URL to open the BMC Atrium SSO Admin Console is:
      https://<ssoServer>.<domain>:<port>/atriumsso/atsso/console/login/Login.html
       For example:
      https://ssoServer.bmc.com:8443/atriumsso/atsso/console/login/Login.html

    2. When you are prompted that you are connecting to an untrusted connection, add the exception and then continue.

      Note

      Browsers display this warning because you have not yet configured the SSO authentication as a trusted provider.

    3. Confirm that you can view the BMC Atrium Single Sign-On login panel.

    4. Log on with the SSO administrator name (for example, amadmin) and password.
       The BMC Atrium SSO Admin Console appears.
       (Click the image to expand it.)
      8100SSOAdminConsole.gif

      Note

      The amadmin is the default administrator user for BMC Atrium Single Sign-on. You can use the amadmin user only for accessing BMC Atrium SSO Admin Console. You cannot logon to your authenticating BMC applications using the amadmin user.

  2. Verify that your BMC Atrium Single Sign-On installation was successful by accessing the SSO load balancer.
     For example:
    https://ssoloadbalancer.bmc.com:8443/atriumsso
     The BMC Atrium SSO login screen appears. After you log on, your SSO servers appear in the HA Nodes List.
    81SSOLB.gif
  3. (Optional) Create an administrative user account for BMC Products to perform search functions on the user store (for example, to list user names and emails).
    • If you are using the BMC Atrium Single Sign-On server's internal LDAP, assign the BMCSearchAdmins group to the new user account.
    • If you are using an external system for authentication (such as AR System, LDAP, or Active Directory), assign the BmcSearchAdmins group to either an already existing user account or a new user account.

Where to go from here

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*