This doc walks the user though the installation of IT PAM 3.0 SP1
This doc covers step-by-step directions for:
- Installing CA IT PAM and its prerequisites
- Accessing the user interface to verify the install
Installer for ITPAM
The ITPAM installer can be downloaded from the CA Support site at support.ca.com. Once you have copied the installation package proceed to the next step.
NOTE: If this is an upgrade and EEM is already installed, you can skip the EEM installation instructions. But make sure to follow the Create IT PAM Security Objects instructions for upgrading your EEM security objects using the itpam_eem_upgrade3.0SP01.xml file.
Step 1: Install and Configure CA Embedded Entitlements Manager (EEM)
Locate the file "EEMServer_8.4.244_win32.exe" from the DVD2\EEM folder location shown below and double click it.
Click the Next button.
Read the license agreement and highlight acceptance radio button and hit Next.
Enter a password for the EiamAdmin user. Here we will use 'itpam'
Take the default on the next screen for the install location of EEM
Select the Java Home location. The installation should detect it and display the folder name. If not, please provide the Java directory.
The installation will continue for some time
At the end of the installation, the screen shown below will inform you that the installation of EEM is complete.
Verify that you can login to EEM.
Start--> Programs --> CA --> Embedded Entitlements Manager --> EEM UI.
Provide password as 'itpam' that you specified during the installation and hit "Log In" button.
You should be able to see the screen shown above
This means that EEM has been installed successfully
Create IT PAM Security Objects
- Copy the IT PAM security configuration XML file ("ITPAM_eem.xml") from the \EEM sub-directory on DVD 2 of the CA IT PAM installation media to the \iTechnology sub-directory that was created when EEM was installed. By default this is:
NOTE: If this is an upgrade, copy the itpam_eem_upgrade3.0SP01.xml instead of the itpam_eem.xml file for the above step. And substitute that file name in the command below.
- Open a command window and traverse to the location where the ITPAM_eem.xml file was copied in the previous step.
Safex.exe -h <hostname> -u EiamAdmin -p <Password> -f ITPAM_eem.xml
Hit Enter and you should see the following as the output of that command. (host name whited out)
- The above result also creates the "itpamcert.p12" file in the \iTechnology sub-directory and populates the required security objects for ITPAM in EEM which we will verify next.
TIP: Should you encounter a problem the ITPAM objects created can easily be removed by copying the "UnRegisterITPAM.xml" (also located in the \EEM sub-directory on CD 2 of the CA IT PAM installation media) to the \iTechnology sub-directory then running the command:
safex.exe -h <hostname> -u EiamAdmin -p <Password> -f UnRegisterITPAM.xml
- Proper execution of the "safex.exe" command creates the following required IT PAM security groups and users in EEM:
- ITPAMAdmins group
- ITPAMUsers group
- ITPAMAdmin user
- ITPAMUser user
Verify IT PAM Security Objects in EEM
Use the EEM UI shortcut created by the EEM installation (All Programs -> CA -> Embedded Entitlements Manager -> EEM UI) to launch the application
When the EEM login screen is displayed, choose "ITPAM" from the Application drop down list. Specify "EiamAdmin" in the user text box. Provide the "EiamAdmin" password that was set when EEM was installed which is 'itpam'.
The Home tab is displayed by default. Click on 'Manage Identities'
Click Users and hit Go. You should see 2 users 'itpamadmin' and 'itpamuser.
Click Groups and click on Go. You should see 2 groups 'ITPAMAdmins' and 'ITPAMUsers.
Logout and exit the EEM GUI.
Step 2: Install Third Party components for ITPAM
CA IT PAM relies on the following third party components:
Locate the file called as "Third_Party_Installer_windows_32.exe" from the Media1 as shown below and double click it.
Click "Next" on the Welcome screen
Accept agreement and hit Next button.
Take the default installation folder and hit Next button
Hit Next button on the next Prerequisites screen
The next screen shows the default location for JBoss installer. Hit Next.
The JBoss installation starts as seen below.
Once the JBoss install completes it prompts for the Hibernate install
Once the install of hibernate is complete, it prompts for the JDBC jar files. For the purposes of this doc we will use Sql Server 2005 as the database. Select the "Add Files" button. Drop down and select MS SQL 2005. The jar file location automatically appears as shown below. Hit the Next button.
We will not be using/configuring the telephony services for purposes of this doc so click Next to continue without making any changes
The next screen shows the status of this installer. Hit Next button.
The installation of the third party components is now complete. Next step is to proceed to the install of ITPAM. Click Browse to select the location of the second media (DVD2). Click the Finish button.
The installation media is copied to a temp location by this installer which can take some time. Click the Finish button to start the ITPAM installation.
Step 3: Install ITPAM
Select Next on the Welcome screen for the ITPAM Domain setup
Accept the Agreement and click the Next button
Provide the location of Java Home as shown below (note: if Java Home is set on your machine, you may not see this screen)
We will not configure the load balancer nor the SSO here. So hit the Next button.
Next enter the company name
Next you will enter a certificate password for ITPAM. For consistency we can use 'itpamcertpass' which is also the certificate password in the ITPAM_eem.xml file which was used to create users/groups earlier. If you have changed this password, you will need to enter the correct password here.
Take the default on the folder name for the Start Menu
Take the defaults for the next screen and check the option for "Install as a Windows Service" as shown. You can also check Support Secure Communication here to use the SSL certificate that comes with ITPAM.
Select a temp directory that your user has read/write access to and click next.
Change the Security Type from LDAP to EEM and hit the Next button
Enter your machine name as the EEM Server Name, ITPAM as the EEM Application Name (it is case sensitive), location of EEM Certificate file and its password (itpamcertpass)as shown below and hit the "Test EEM Settings" button.
The username and password will be itpamadmin/itpamadmin for the Verify Settings box and click OK.
Enter the details about the database server. Select the database as MS SQL, the username and password to access it and then click the "Create Database" button. (Note: this user must have create db privledges)
You should see a message about successful database creation. Click OK button.
Now click the 'Test Database Settings" button. You should see a successful message as below. Click the OK button
For the next screen, just check the box for "copy from main repository" and click the Next button
Check the only box on the next screen to specify the JAR files and click Next
Check the appropriate connectors and hit Next and continue
The installation starts
When the install is complete, you will see the following screen
This confirms the installation of ITPAM is complete.
Step 4: Verifying installation of ITPAM
Open Windows Services and verify that the ITPAM services is created, and start it if it is not already started
Go to Start > Programs > CA > ITPAM Domain > Start ITPAM Client. Then enter the username and password as itpamadmin/itpamadmin. Select Log In.
You will see the ITPAM Management Console as below
Click the ITPAM Client link at the top and wait for the Client to download
Once the ITPAM Client downloads you will see as below
If the client does not load or gives an error, make sure to add the URL for ITPAM to your browser's trusted sites.
Congratulations! You have successfully completed ITPAM install and configuration.