Planning and installing the server

IBM recommends installing the Security Compliance Manager server on a system with a high processor speed and ample disk space. The system that contains the server should be solely dedicated to that task. This configuration allows the system to be tuned and optimized for running Security Compliance Manager. This configuration also keeps the server from having to compete with other applications for system resources. The Security Compliance Manager server benefits from being installed on a multi-processor machine, as different threads can be distributed and executed by different processors.

The database server serves as the repository for all Security Compliance Manager data. The database server can be installed on the same system as the Security Compliance Manager server; however, for better performance, the database server should be installed on a separate system. For even greater performance, the database server can be installed on a multi-processor machine. ABBC’s project team decides to install the Security Compliance Manager server and the Security Compliance Manager database on different multi-processor machines, as shown in Figure 6-2, because the Security Compliance Manager server has to manage 7,000 servers’ operating systems, middleware systems, and applications.

Figure 6-2 Security Compliance Manager server and database on different systems The following list discusses the installation tasks for this configuration: 1. Installation of the DB2 database system on the DB2 database server

You have to create a separate file system for the DB2 database that is to be used by the server. Creating a separate file system does not remove the possibility of filling up a file system, but it does reduce the impact to other applications. Additionally, other applications do not influence the availability of the Security Compliance Manager database and separate file systems are also easier to backup. The IBM DB2 Universal Database Installation and

DB2 Database Server JAC ITSCM Server ITSCM Server component DB2 JDBC driver ITSCM DB configuration

2. Installation of the Security Compliance Manager database configuration on the DB2 database server

Chapter 2, “Installing the Tivoli Security Compliance Manager server“, of the IBM Tivoli Security Compliance Manager Version 5.1 Installation Guide: All Components, GC32-1592 explains the installation steps of the database configuration for Security Compliance Manager. In this step, the Security Compliance Manager installer creates the database JAC on the DB2 database server, prefills the JAC tables with required data objects, and creates the Security Compliance Manager senior administration user for this installation.

3. Copying the DB2 JDBC™ driver files to the Security Compliance Manager server

You need to copy the DB2 JDBC driver files db2java.zip and db2jcc.jar to the Security Compliance Manager server in any directory. In step 4, you have to specify the absolute path of the JDBC driver db2java.zip. It is important to use the JDBC driver of the actual database server. The version of the JDBC driver depends on the OS version and database version being used.

4. Installation of the Security Compliance Manager server component on the Security Compliance Manager server system

Chapter 2, “Installing the Tivoli Security Compliance Manager server“, of the IBM Tivoli Security Compliance Manager Version 5.1 Installation Guide: All Components, GC32-1592 explains, in detail, the installation steps of the Security Compliance Manager server component. During the installation of the Security Compliance Manager server component, you have to specify the absolute path of the JDBC driver db2java.zip. The Security Compliance Manager installer creates links from the Security Compliance Manager’s jar directory to the JDBC driver files. In addition, you have to specify the database instance ID and password during the installation. The Security Compliance Manager installer obfuscates the password and stores it in the Security Compliance Manager’s server.ini file. The installer starts the Security Compliance Manager server automatically.

Tip: You can create the database instance for Security Compliance Manager

during the installation of the DB2 software in one step or use the db2setup program to create the database instance after a successful base installation. Using the db2setup method is the preferred method to ensure that the database instance is working correctly for the Security Compliance Manager server.

5. Verify the Security Compliance Manager server installation

Stop the Security Compliance Manager server and set the debug parameter in the server’s server.ini file to true. Restart the Security Compliance Manager server and verify the entries in the server.log file. The file should contain the following or similar entries after a successful start:

[20050313 13:05:18.562] ################ SERVER STARTING ############### [20050313 13:05:18.572] Server password found in cache

[20050313 13:05:18.572] Opening server keystore: /opt/IBM/SCM/server/keystores/server.jks

[20050313 13:05:18.752] Loading provider certificates [20050313 13:05:20.365] Setting up SSL Server

[20050313 13:05:25.592] Creating server DB Connection Pool [20050313 13:05:27.074] Creating administrator DB Connection Pool [20050313 13:05:29.728] DHCP autoregister is: false

[20050313 13:05:29.728] Starting service: com.ibm.jac.license.LicenseManager [20050313 13:05:30.139] Starting service: com.ibm.jac.server.aco.ACOSecurityManager [20050313 13:05:33.063] Starting service: com.ibm.jac.server.JACConfigurationManager

[20050313 13:05:33.063] Starting service: com.ibm.jac.server.SecurityServer [20050313 13:05:33.283] Starting service: com.ibm.jac.server.ClientDistributionService [20050313 13:05:33.323] Starting service: com.ibm.jac.server.ClientDistributionService2 [20050313 13:05:33.333] Starting service: com.ibm.jac.server.ScheduledQueries [20050313 13:05:33.714] Starting service: com.ibm.jac.server.ScheduledPolicies

[20050313 13:05:33.724] Starting service: com.ibm.jac.server.ServerBackend [20050313 13:05:33.824] Starting service: com.ibm.jac.server.ClientToServer [20050313 13:05:33.834] Starting service:

com.ibm.jac.server.ClientServerPull2

[20050313 13:05:33.864] Returned to idle queue: PoolThread-1 [20050313 13:05:33.864] Returned to idle queue: PoolThread-2 [20050313 13:05:33.864] Returned to idle queue: PoolThread-3

[20050313 13:05:33.884] Listening for client connections on: 0.0.0.0:1951 [20050313 13:05:33.884] Returned to idle queue: PoolThread-4

[20050313 13:05:34.004] Returned to idle queue: PoolThread-5

[20050313 13:05:34.234] Starting service: com.ibm.jac.server.DeltaTables [20050313 13:05:34.535] Starting service: com.ibm.jac.server.TableCleaner [20050313 13:05:34.615] Starting service:

com.ibm.jac.server.AdminServerFactory [20050313 13:05:34.625] All services started