IT PAM 3.0 SP1 Installation Steps

Document ID : KB000050485
Last Modified Date : 14/02/2018
Show Technical Document Details


This doc walks the user though the installation of IT PAM 3.0 SP1


This doc covers step-by-step directions for:

  • Installing CA IT PAM and its prerequisites

  • Accessing the user interface to verify the install

Installer for ITPAM

The ITPAM installer can be downloaded from the CA Support site at Once you have copied the installation package proceed to the next step.

NOTE: If this is an upgrade and EEM is already installed, you can skip the EEM installation instructions. But make sure to follow the Create IT PAM Security Objects instructions for upgrading your EEM security objects using the itpam_eem_upgrade3.0SP01.xml file.

Step 1: Install and Configure CA Embedded Entitlements Manager (EEM)

Install EEM

Locate the file "EEMServer_8.4.244_win32.exe" from the DVD2\EEM folder location shown below and double click it.

Figure 1

Figure 2

Click the Next button.

Figure 3

Read the license agreement and highlight acceptance radio button and hit Next.

Enter a password for the EiamAdmin user. Here we will use 'itpam'

Figure 4

Take the default on the next screen for the install location of EEM

Select the Java Home location. The installation should detect it and display the folder name. If not, please provide the Java directory.

Figure 5

The installation will continue for some time

At the end of the installation, the screen shown below will inform you that the installation of EEM is complete.

Figure 6

Verify that you can login to EEM.

Figure 7

Start--> Programs --> CA --> Embedded Entitlements Manager --> EEM UI.

Provide password as 'itpam' that you specified during the installation and hit "Log In" button.

Figure 8

You should be able to see the screen shown above

This means that EEM has been installed successfully

Create IT PAM Security Objects

  1. Copy the IT PAM security configuration XML file ("ITPAM_eem.xml") from the \EEM sub-directory on DVD 2 of the CA IT PAM installation media to the \iTechnology sub-directory that was created when EEM was installed. By default this is:

    C:\Program Files\CA\SharedComponents\iTechnology

    NOTE: If this is an upgrade, copy the itpam_eem_upgrade3.0SP01.xml instead of the itpam_eem.xml file for the above step. And substitute that file name in the command below.

  2. Open a command window and traverse to the location where the ITPAM_eem.xml file was copied in the previous step.

    Safex.exe -h <hostname> -u EiamAdmin -p <Password> -f ITPAM_eem.xml

    Hit Enter and you should see the following as the output of that command. (host name whited out)

    Figure 9

  3. The above result also creates the "itpamcert.p12" file in the \iTechnology sub-directory and populates the required security objects for ITPAM in EEM which we will verify next.

    TIP: Should you encounter a problem the ITPAM objects created can easily be removed by copying the "UnRegisterITPAM.xml" (also located in the \EEM sub-directory on CD 2 of the CA IT PAM installation media) to the \iTechnology sub-directory then running the command:

    safex.exe -h <hostname> -u EiamAdmin -p <Password> -f UnRegisterITPAM.xml

  4. Proper execution of the "safex.exe" command creates the following required IT PAM security groups and users in EEM:

    • ITPAMAdmins group

    • ITPAMUsers group

    • ITPAMAdmin user

    • ITPAMUser user

      Verify IT PAM Security Objects in EEM

      Figure 10

      Use the EEM UI shortcut created by the EEM installation (All Programs -> CA -> Embedded Entitlements Manager -> EEM UI) to launch the application

      When the EEM login screen is displayed, choose "ITPAM" from the Application drop down list. Specify "EiamAdmin" in the user text box. Provide the "EiamAdmin" password that was set when EEM was installed which is 'itpam'.

      Figure 11

      The Home tab is displayed by default. Click on 'Manage Identities'

      Figure 12

      Figure 13

      Click Users and hit Go. You should see 2 users 'itpamadmin' and 'itpamuser.

      Click Groups and click on Go. You should see 2 groups 'ITPAMAdmins' and 'ITPAMUsers.

      Figure 14

      Logout and exit the EEM GUI.

Step 2: Install Third Party components for ITPAM

CA IT PAM relies on the following third party components:

  • JBoss

  • Hibernate

  • JDBC

Locate the file called as "Third_Party_Installer_windows_32.exe" from the Media1 as shown below and double click it.

Figure 15

Click "Next" on the Welcome screen

Figure 16

Accept agreement and hit Next button.

Figure 17

Take the default installation folder and hit Next button

Figure 18

Hit Next button on the next Prerequisites screen

Figure 19

The next screen shows the default location for JBoss installer. Hit Next.

Figure 20

The JBoss installation starts as seen below.

Figure 21

Once the JBoss install completes it prompts for the Hibernate install

Figure 22

Once the install of hibernate is complete, it prompts for the JDBC jar files. For the purposes of this doc we will use Sql Server 2005 as the database. Select the "Add Files" button. Drop down and select MS SQL 2005. The jar file location automatically appears as shown below. Hit the Next button.

Figure 23

We will not be using/configuring the telephony services for purposes of this doc so click Next to continue without making any changes

Figure 24

The next screen shows the status of this installer. Hit Next button.

Figure 25

The installation of the third party components is now complete. Next step is to proceed to the install of ITPAM. Click Browse to select the location of the second media (DVD2). Click the Finish button.

Figure 26

The installation media is copied to a temp location by this installer which can take some time. Click the Finish button to start the ITPAM installation.

Step 3: Install ITPAM

Select Next on the Welcome screen for the ITPAM Domain setup

Figure 27

Accept the Agreement and click the Next button

Figure 28

Provide the location of Java Home as shown below (note: if Java Home is set on your machine, you may not see this screen)

Figure 29

Figure 30

We will not configure the load balancer nor the SSO here. So hit the Next button.

Figure 31

Next enter the company name

Figure 32

Next you will enter a certificate password for ITPAM. For consistency we can use 'itpamcertpass' which is also the certificate password in the ITPAM_eem.xml file which was used to create users/groups earlier. If you have changed this password, you will need to enter the correct password here.

Figure 33

Take the default on the folder name for the Start Menu

Figure 34

Take the defaults for the next screen and check the option for "Install as a Windows Service" as shown. You can also check Support Secure Communication here to use the SSL certificate that comes with ITPAM.

Figure 35

Select a temp directory that your user has read/write access to and click next.

Figure 36

Change the Security Type from LDAP to EEM and hit the Next button

Figure 37

Enter your machine name as the EEM Server Name, ITPAM as the EEM Application Name (it is case sensitive), location of EEM Certificate file and its password (itpamcertpass)as shown below and hit the "Test EEM Settings" button.

Figure 38

Figure 39

The username and password will be itpamadmin/itpamadmin for the Verify Settings box and click OK.

Figure 40

Figure 41

Enter the details about the database server. Select the database as MS SQL, the username and password to access it and then click the "Create Database" button. (Note: this user must have create db privledges)

Figure 42

You should see a message about successful database creation. Click OK button.

Figure 43

Now click the 'Test Database Settings" button. You should see a successful message as below. Click the OK button

Figure 44

For the next screen, just check the box for "copy from main repository" and click the Next button

Figure 45

Figure 46

Check the only box on the next screen to specify the JAR files and click Next

Figure 47

Check the appropriate connectors and hit Next and continue

Figure 48

The installation starts

Figure 49

When the install is complete, you will see the following screen

Figure 50

This confirms the installation of ITPAM is complete.

Step 4: Verifying installation of ITPAM

Open Windows Services and verify that the ITPAM services is created, and start it if it is not already started

Figure 51

Go to Start > Programs > CA > ITPAM Domain > Start ITPAM Client. Then enter the username and password as itpamadmin/itpamadmin. Select Log In.

Figure 52

You will see the ITPAM Management Console as below

Figure 53

Click the ITPAM Client link at the top and wait for the Client to download

Figure 54

Once the ITPAM Client downloads you will see as below

Figure 55

If the client does not load or gives an error, make sure to add the URL for ITPAM to your browser's trusted sites.

Congratulations! You have successfully completed ITPAM install and configuration.