Once you have used the Manage Nodes utility on the primary or replica database server to create a node package, you must transfer it to the target host. RSA Security recommends that you transfer the package through a secure network or by removable media.
Note the location on the target host where you copy the package. This information, along with the master password, is required during installation.
GUI-Based Installation
Use the GUI-based installer if you prefer standard graphical screens to assist you through the process.
Installation time varies depending on system speed and memory. Make sure you allow at least one hour to perform the installation.
Important: Make sure the primary or replica instance where you created the node package is running before you begin the installation.
To install Authentication Manager using the GUI-based installer:
1. Locate and launch the installer for your platform:
• auth_mgr\win32-x86\setup.exe (Windows)
• auth_mgr/linux-x86/setup.sh (Linux)
2. Respond to the prompts for Welcome, Select Region, License Agreement, and Choose Destination Location.
6: Installing a Server Node for Improved Performance 55 3. Select Authentication Manager Node.
Important: At this point, the installer informs you of unmet or missing requirements and prerequisites for installation and offers you the option to continue anyway. Select Continue anyway only if you are directed to do so by RSA Customer Support or if you are certain you want to accept the risk.
On Linux, the installer may warn you to run a system configuration script before continuing. Run this script as root user, not as the installation user. See
“System Update Script for Linux” on page 25.
Note: If you want to change the installation type at a later date, you must uninstall the existing Authentication Manager and reinstall it using the new installation type. Installation types are described in “Installation Types” on page 11.
4. The installer displays the hostname and IP address that will be used for installation. Check this information. Click OK > Next if it is the expected hostname and IP address.
Note: If the machine has multiple network interface cards, make sure the IP address and hostname you specify during installation belong to the interface you want to use. The default is for the primary network adapter. The Security Console listens only to the IP address you specify.
5. Locate the folder that contains your Authentication Manager license file, server key, and certificate files. Click Browse to find and select this folder on the installation host (the files in the folder are not displayed). Click Next, and verify the license information.
The license allows you access to certain functionality and limits the number of users that can be registered. The server key and certificate are used to verify (authenticate) the identity of the server.
6. Review the summary screen, verifying the features you have selected and the disk space required.
7. Enter the following information at the prompts:
• The location of the node package you created and transferred from the primary instance. If you have not finished these tasks, see “Preparing to Install a Server Node” on page 53.
• The master password for the primary instance, specified at primary installation time.
8. To begin copying Authentication Manager files, click Install.
The installer begins copying files and displays a progress indicator.
9. Click Finish to close the installer.
Unless you clear the checkboxes for opening the Release Notes and Security Console, these will open in your default browser after you click Finish.
56 6: Installing a Server Node for Improved Performance 10. When prompted by your browser, accept the certificate for the Security Console.
As part of the normal installation, the installer creates a certificate authority and uses it to sign the Security Console browser certificate.
11. Continue to “Securing Backup Files” on page 59 to perform important post-installation tasks.
If you encounter any problems installing Authentication Manager, see Appendix A,
“Troubleshooting.”
Command Line Installation
Use the command line installation if you prefer a command interface or if you intend to run the installation through a script. The prompts for command line installation are displayed with instructions on how to proceed or select options. Enter 1 to proceed, 3 to cancel, and 5 to redisplay.
Important: Make sure the primary or replica instance where you created the node package is running before you begin the installation.
To install Authentication Manager using the command line installer:
1. From a command prompt, change to the directory containing the installer:
• auth_mgr\win32-x86\setup.exe (Windows)
• auth_mgr/linux-x86/setup.sh (Linux) 2. Enter the appropriate command for your platform:
For Windows, type:
setup.exe -console For Linux, type:
./setup.sh -console
3. Respond to the prompts for Select Region, License Agreement, and Choose Destination Location.
Note: If you are not automatically taken to the next prompt, type 0.
4. Select Authentication Manager Node.
Important: At this point, the installer informs you of unmet or missing requirements and prerequisites for installation and offers you the option to continue anyway. Select “Continue anyway” only if you are directed to do so by RSA Customer Support or if you are certain you want to accept the risk.
On Linux, the installer may warn you to run a system configuration script before continuing. Run this script as root user, not as the installation user. See
“System Update Script for Linux” on page 25.
6: Installing a Server Node for Improved Performance 57 5. The installer displays the hostname and IP address that will be used for
installation. Check this information, and select 1 if it is the expected hostname and IP address.
Note: If the machine has multiple network interface cards, make sure the IP address and hostname you specify during installation belong to the interface you want to use. The default is for the primary network adapter. The Security Console listens only to the IP address you specify.
6. Enter the name of the folder that contains your Authentication Manager license file, server key, and certificate files.
The license allows you access to certain functionality and limits the number of users that can be registered. The server key and certificate are used to verify (authenticate) the identity of the server.
7. Review the summary screen, verifying the features you have selected and the disk space required.
8. Enter the following information at the prompts:
• The location of the node package you created and transferred from the primary instance. If you have not finished these tasks, see “Preparing to Install a Server Node” on page 53.
• The master password for the primary instance, specified at primary installation time.
Once you proceed from this screen, the installer begins copying files and displays a progress indicator. To cancel the installation, enter 3, and respond 1 (Yes) to the prompts to remove installer files.
9. When the installer displays a message indicating successful installation, continue to “Securing Backup Files” on page 59 to perform important post-installation tasks.
If you encounter any problems installing Authentication Manager, see Appendix A,
“Troubleshooting.”
Silent Installation
For a silent installation, you must:
• Locate the appropriate response file template for your installation type (primary instance, replica instance, or server node), edit it with your actual values, and save it as a response file.
• Launch the installer with arguments that specify ‘silent’ and point to the response file.
These tasks are described in the following sections.
Creating a Response File from the Template
Locate the following response file templates in resource/silent_install/:
58 6: Installing a Server Node for Improved Performance
• primary_template.txt
• replica_template.txt
• node_template.txt
To create a response file from the template:
1. Open the appropriate template file for your installation type.
2. Enable settings in the template by removing the leading ### characters from each line of text (search to find the settings you can change).
3. Specify values for enabled settings by replacing the characters '<value>' with the actual value for that setting.
See the manual installation chapter for your installation type. For example, refer to Chapter 4, “Installing an RSA Authentication Manager Primary Instance” when editing primary_template.txt.
4. Save your changes with a new filename. This filename is required in the next step, launching a silent installation.
Launching a Silent Installation
Important: Make sure the primary or replica instance where you created the node package is running before you begin the installation.
To perform a silent installation, add -silent -options response_file to your installation command.
GUI-Based Windows Example:
setup.exe -silent -options response1.txt Command Line Windows Example:
setup.exe -console -silent -options response1.txt GUI-Based Linux Example:
setup.sh -silent -options response1.txt Command Line Linux Example:
setup.sh -console -silent -options response1.txt
Note: If you use the GUI-based installer for silent installation, the screens are displayed with the response file values in place of the defaults, which may be manually overridden.
6: Installing a Server Node for Improved Performance 59
Securing Backup Files
The installer automatically backs up a list of important files to
RSA_AM_HOME/backup. Immediately after installation, move the backup directory to a secure location.
Important: For highest security, store SYSTEM.SRK, included in your backup folder, on removable media. Retrieve this private key only for disaster recovery.