HP Anywhere Installation and Configuration Guide
HP Anywhere Installation and Configuration Guide
HP Anywhere Installation and Configuration Guide
Document Release Date: August 2012 Software Release Date: August 2012
Legal Notices
Warranty
The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein. The information contained herein is subject to change without notice.
Copyright Notice
Copyright 2011 Hewlett-Packard Development Company, L.P.
Trademark Notices
Adobe is a trademark of Adobe Systems Incorporated. This product includes an interface of the 'zlib' general purpose compression library, which is Copyright 1995-2002 Jean-loup Gailly and Mark Adler. AMD and the AMD Arrow symbol are trademarks of Advanced Micro Devices, Inc. Google and Google Maps are trademarks of Google Inc. Intel, Itanium, Pentium, and Intel Xeon are trademarks of Intel Corporation in the U.S. and other countries. Java is a registered trademark of Oracle and/or its affiliates. Microsoft, Windows, Windows NT, Windows XP, and Windows Vista are U.S. registered trademarks of Microsoft Corporation. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. UNIX is a registered trademark of The Open Group.
Page 2 of 33
HP Anywhere (9.1)
Documentation Updates
The title page of this document contains the following identifying information:
l l l
Software Version number, which indicates the software version. Document Release Date, which changes each time the document is updated. Software Release Date, which indicates the release date of this version of the software.
To check for recent updates or to verify that you are using the most recent edition of a document, go to: http://h20230.www2.hp.com/selfsolve/manuals This site requires that you register for an HP Passport and sign in. To register for an HP Passport ID, go to: http://h20229.www2.hp.com/passport-registration.html Or click the New users - please register link on the HP Passport login page. You will also receive updated or new editions if you subscribe to the appropriate product support service. Contact your HP sales representative for details.
Page 3 of 33
HP Anywhere (9.1)
Support
Visit the HP Software Support Online web site at: http://www.hp.com/go/hpsoftwaresupport This web site provides contact information and details about the products, services, and support that HP Software offers. HP Software online support provides customer self-solve capabilities. It provides a fast and efficient way to access interactive technical support tools needed to manage your business. As a valued support customer, you can benefit by using the support web site to:
l l l l l l l l
Search for knowledge documents of interest Submit and track support cases and enhancement requests Download software patches Manage support contracts Look up HP support contacts Review information about available services Enter into discussions with other software customers Research and register for software training
Most of the support areas require that you register as an HP Passport user and sign in. Many also require a support contract. To register for an HP Passport ID, go to: http://h20229.www2.hp.com/passport-registration.html To find more information about access levels, go to: http://h20230.www2.hp.com/new_access_levels.jsp
Page 4 of 33
HP Anywhere (9.1)
Contents
Installation and Configuration Contents Overview
HP Anywhere Documentation Library
1 5 7
7
8
8 8
12
12 13 14 16 16 16 17 18 19 21 21 22 22 23 24 25 25 26 27
Page 5 of 33
HP Anywhere (9.1)
Advanced Configuration Configure LDAPOver SSL (LDAPS) How to Configure the Staging Environment Map HPAnywhere Roles to LDAP Users Finalize Configuration
28 28 28 29 29
30
30
32
32 32
Page 6 of 33
HP Anywhere (9.1)
Chapter 1 Overview
This guide describes the process of installing and configuring the HPAnywhere server on your system, along with references to additional information from external sources.
Page 7 of 33
HP Anywhere (9.1)
"Pre-installation" below. Steps to initialize and customize the HPAnywhere Server application installation. "Installation Steps" below. Steps to install the HP Anywhere Server. "Post-installation and Configuration" on page 12. Steps to configure the database and HPLive Network Connection.
l l
Pre-installation
1. Insert the HPAnywhere Windows InstallationDVDinto the drive from which you want to install. 2. Run HP_Anywhere_9.00_setup.exe. 3. If the Open File warning window opens, click Run in this window. 4. The system performs validation checks and configures HPAnywhere 9.0 according to the current system definitions. The Install Launcher runs. After it completes, the HPAnywhere Wizard Introduction window appears.
Installation Steps
This section provides a detailed description of the Installation wizard steps. The first window of the wizard is the Introduction window. It presents the location of the installation and log files.
Page 8 of 33
HP Anywhere (9.1)
1. Click Next. 2. After the Install Launcher completes, the License Agreement window opens.
Accept the License Agreement and click Next. 3. The Choose the folders window opens.
Page 9 of 33
HP Anywhere (9.1)
Browse to the Application Folder (optional) and click Next. This folder will be used for installing the application and data files. 4. The installation wizard checks that there is sufficient disk space to install and that the relevant ports are available and open.
Click Next.
Page 10 of 33
HP Anywhere (9.1)
6. Click Install to begin the installation process. When completed, the HPAnywhere Installation Opening screen appears. 7. Click OK. If HPAnywhere was previously uninstalled from this computer, the system restart message opens.
8.
n n
Click Details>> to see the changes that will be made to the configuration after installation. Click Continue to continue with the installation without rebooting at this stage. The HPAnywhere Configuration Wizard opens.
Page 11 of 33
HP Anywhere (9.1)
"Configuration Introduction" below "Management Database - Configure Management Database Settings" on next page "Database Configuration - Oracle or Microsoft SQLServer" on page 14 "Create Admin User" on page 18 "Configure HPLNPublisher Credentials" on page 19
Configuration Introduction
Page 12 of 33
HP Anywhere (9.1)
Create a new database (for new installations) Connect to an existing database (for upgrading an existing database).
Page 13 of 33
HP Anywhere (9.1)
Description The name or IPaddress of the host computer on which the Oracle DBServer is located. The number of the port used to connect to the server. The Oracle System ID used to uniquely identify a particular database on a system. The name of the administrator who will connect to the database. The password of the administrator.
Port SID
Page 14 of 33
HP Anywhere (9.1)
Installation and Configuration Chapter 3: Post-installation and Configuration Microsoft SQLServer Database
Description The fully qualified domain name (FQDN) or IP address of the MS SQL Server hosting the Management database. The port of the MS SQL server listener. The default port is 1433.
Port
DatabaseName The name of the management database. It is recommended that you use the following database naming convention: databasename_mng SQLServer authentication Login Name Password The MS SQL login name used to create or connect to the database. The password for the specified user.
3. Click Next. The wizard reports on the final status of the Management database configuration. If the configuration was unsuccessful, possible reasons for the failure are shown. 4. Click Next to move to the Create Admin User window.
Page 15 of 33
HP Anywhere (9.1)
"Setting Up Apache Web Server on GlassFish (Optional)" below "Configure mod_jk" below "WebServer and SSLConfiguration" above
Note: If you are using a domain that is different from that of HPAnywhere, make sure that you configure the Web Server correctly as described in "HPAnywhere Lightweight Single Sign-On Configuration" on page 21.
Configure mod_jk
The Apache Web Server is made up of modules. Each module provides different functionality. The module responsible for the Web Server Application Server communication is mod_jk. To configure mod_jk: 1. Download the Apache Web Server version 2.2x from http://httpd.apache.org/download.cgi. 2. Download mod_jk from http://mirror.metrocast.net/apache/tomcat/tomcatconnectors/jk/binaries/windows/tomcat-connectors-1.2.35-windows-i386-httpd-2.2.x.zip.
Page 16 of 33
HP Anywhere (9.1)
3. Install mod_jk on the Apache web server. Detailed instructions for configuring mod_jk for can be found here. 4. Map the following requests to the HPAnywhere Server: /btoa/* /btoa-app/* 1. When you configure mod_jk you need to configure jk protocol port. The jk-connector port in glassfish in 20010 by default. You can configure this port in domain.xml 2. Copy the files to the /modules folder on the Apache Web Server. 3. Configure Apache to redirect all requests to HPAnywhere. 4. Restart the Apache Web Server
Configure SSL
You can configure SSL between clients and the Web Server and between the Web Server and the application server. To configure SSL, you must enable the mod_SSL module as follows: 1. Open the httpd.conf file. 2. Remove the comment tag the following lines: LoadModule rewrite_module modules/mod_rewrite.so LoadModule SSL_module modules/mod_SSL.so Include conf/extra/httpd-SSL.conf 3. In order to enforce HTTPS, you must redirect all HTTP requests to HTTPS requests as follows: n Add the following code at the end of the file: # Redirect HTTP to HTTPS RewriteEngine On RewriteCond %{HTTPS} off RewriteRule (.*) https:HTTP_HOST}%{REQUEST_URI} 4. Open the conf/extra/httpd-SSL.conf file. 5. Add the following lines to the end of the file, before the line </VirtualHost>:
JkMount /btoa/* localAjp JkMount /btoa-app/* localAjp
6. Copy the private key and certificate in the /conf folder and rename them as follows: server.crt - certificate server.pem - private key 7. In the conf/extra/httpd-SSL.conf file, update the path of the certificate in the following line: SSLCertificateFile SSLCertificateFile "C:/Program Files (x86) /Apache Software Foundation/Apache2.2/conf/server.crt 8. In the conf/extra/httpd-SSL.conf file, update the path of the private key in the following line: SSLCertificateKeyFile C:/Program Files (x86)/Apache Software Foundation/Apache2.2/conf/server.pem" 9. Restart the Apache Web Server.
Page 17 of 33
HP Anywhere (9.1)
1. Fill in the fields as follows: Parameter Administrator password Description The password assigned for the administrator. For example, admin. Retype the administrator password.
Page 18 of 33
HP Anywhere (9.1)
Page 19 of 33
HP Anywhere (9.1)
1. Fill in the fields as follows: Field User Name Password Confirm Password Description HP Passport user name HPPassport password Retype the HPPassport password
2. You can also optionally configure a proxy server for HPLN. Fill in the fields as follows: Field HTTPProxy Description The location of the proxy server in the format <protocol>://<host> or <protocol>://<host>:<port> HTTPProxy User HTTPProxy Password The user name needed to access the proxy server. The password needed to access the proxy server.
3. Click Next. The Summary window appears. If the Configuration Wizard did not complete successfully, the reasons for the failure are displayed when possible.
Page 20 of 33
HP Anywhere (9.1)
"HPAnywhere Lightweight Single Sign-On Configuration" below "LDAPConfiguration and Authentication" on next page "Staging Environment Configuration" on next page "Customize the LDAP Server as an External Repository" on page 23 "Configure the Users Providers" on page 24 "Configure the Users Objects Class" on page 25 "Groups Search" on page 25 "Groups Object Class (LDAPVendor Dependent)" on page 26 "Groups Hierarchy" on page 27 "Advanced Configuration" on page 28 "Configure LDAPOver SSL (LDAPS)" on page 28 "How to Configure the Staging Environment" on page 28 "Map HPAnywhere Roles to LDAP Users" on page 29 "Finalize Configuration" on page 29
Page 21 of 33
HP Anywhere (9.1)
<DNSDomain>BSMdomain</DNSDomain> <DNSDomain>PPMdomain</DNSDomain> </trustedHosts> 5. If the customer configured a web server to have a different domain than the HP Anywhere server's domain, in the <domain>line marked below, change the domain to be the domain of the web server:
<webui> <validation> <in-ui-lwsso> <lwssoValidation id="ID000001"> <domain> mywebserver.com</domain> <crypto cipherType="symmetricBlockCipher" engineName="AES" paddingModeName="CBC" keySize="256" encodingMode="Base64Url" initString="This string should be replaced"></crypto> </lwssoValidation> </validation>
Note: In order to initiate lightweight single sign on for all the HP applications installed on your server, the init string must be identical in each application. If an application has a different init string, basic authentication will be used to authorize login for this application.
Page 22 of 33
HP Anywhere (9.1)
8. Click Finish. The connection is automatically tested. 9. In the event that SSL is selected, the Certificate trust window may open. If applicable, select View Certificate. Ensure that the certificate appears in the Java key store used by HPAnywhere. 10. Update the LDAPparameters in the external-ldap.properties file as follows: Attribute ldapHost ldapPort enableSSL Description LDAPhost name LDAP port number You must set this parameter to True - Use SSLconnection to LDAP. For details on the importing the SSLcertificate, see "Configure LDAPOver SSL (LDAPS)" on page 28. useAdministrator True: Use simple authentication False:No authentication ldapAdministrator LDAP user distinguished name (defined if useAdministrator = True)
Page 23 of 33
HP Anywhere (9.1)
usersScope LDAP search scope for users search. Defines how exactly the search under the usersBase location should be performed. SCOPE_BASE:search space contains a single entry pointed by the userBase SCOPE_ONE: search space contains the userBase and its direct children only SCOPE_SUB: search space contains the userBase and its whole sub tree usersFilters LDAP filter for users search
Page 24 of 33
HP Anywhere (9.1)
Groups Search
The following properties define the search mechanism that is implemented on LDAP groups. There are two sets of properties: The first, for regular groups and the second for root groups. In order to display only a limited number of groups, restrict the root groups search criteria appropriately. The same search criteria for both root and non-root groups, can also be used. This configuration is recommended when the overall number of groups is small. Check Groups Search Configuration Properties
Page 25 of 33
HP Anywhere (9.1)
Installation and Configuration Chapter 3: Post-installation and Configuration To map the groups configuration properties to the LDAPserver configuration properties, update the external-ldap.properties file with the following attributes according to the organization's LDAPproperties. Attribute groupsBase Description LDAP Base Distinguished Name (DN) for groups search. Only groups under this DN in the LDAP hierarchy are returned from the search. LDAP search scope for groups search. Defines how exactly the search under the groupsBase location should be performed. SCOPE_BASE:search space contains a single entry pointed by the groupsBase SCOPE_ONE: search space contains the groupsBase and its direct children only SCOPE_SUB: search space contains the groupsBase and its whole sub tree groupsFilter LDAP filter for groups search. The only valid values are rootGroupsBase, rootGroupsScope, or rootGroupsFilter. LDAP Base Distinguished Name (DN) for groups search. Only groups under this DN in LDAP hierarchy are returned from the search
groupsScope
rootGroupsBase
rootGroupsScope LDAP search scope for groups search. Specifies how the search under the gropusBase location should be performed. SCOPE_BASE search space contains a single entry pointed to the rootGroupsBase SCOPE_ONE - search space contains the rootGroupsBase and its direct children only SCOPE_SUB - search space contains the rootGroupsBase and its whole sub tree rootGroupsFilter LDAP filter for groups search
Page 26 of 33
HP Anywhere (9.1)
Attribute groupsMembersAttribute
Description Groups members LDAP attribute name. This multivalue attribute contains the full distinguished names (DNs) of static group members.
Optional Attributes groupsNameAttribute Groups unique name LDAP attribute name. In most default LDAP implementations, this attribute is usually the same as groupsDisplayNameAttribute. Groups display name LDAP attribute name. In most default LDAP implementations, this attribute is usually the same as groupsNameAttribute. Groups description LDAP attribute name. The attribute contains the groups description. Boolean attribute for enabling dynamic groups. If the value of this attribute is true, dynamic groups are searched. Note that enumerating members of very large dynamic groups may be time consuming. LDAP object class representing dynamic group object. Dynamic groups members LDAP attribute name. This attribute contains the LDAP search URL. The values returned by this LDAP search URL are considered dynamic group members. Dynamic groups unique name LDAP attribute name. In most default LDAP implementations, this attribute is usually the same as dynamicGroupsDisplayNameAttribute.
groupsDisplayNameAttribute
groupsDescriptionAttribute
enableDynamicGroups
dynamicGroupsClass dynamicGroupsMemberAttribute
dynamicGroupsNameAttribute
dynamicGroupsDisplayNameAttribute Dynamic groups display name LDAP attribute name. In most default LDAP implementations, this attribute is usually the same as dynamicGroupsNameAttribute. dynamicGroupsDescriptionAttribute Dynamic groups description LDAP attribute name. This attribute contains the groups description.
Groups Hierarchy
The Groups Hierarchy attributes defines whether HPAnywhere relates to LDAP server groups hierarchy information. Attribute enableNestedGroups Description Enable support of nested groups. If support of nested groups is disabled, subgroups of a group are not searched.
Page 27 of 33
HP Anywhere (9.1)
Description Maximal allowed depth of groups hierarchy. No groups are searched beneath this level.
Advanced Configuration
The advanced configuration attributes are used for fine-tuning the LDAP connection. Attribute ldapVersion Description LDAP protocol version. Possible values are: 3 (default) 2 (for old versions of LDAP) baseDistinguishNameDelimiter Base DN delimiter. Symbol used in configuration when putting multiple base DNs for users or groups or users search. Note that this symbol must not appear as part of the base DN used in this configuration. If it appears in the base DNs, change the default value to some other symbol. scopeDelimiter Scope delimiter. Symbol used in configuration when putting multiple scopes for users or groups search. This symbol must not appear as part of the scope name used in this configuration. If it appears in the scope name, change the default value to some other symbol. Symbol used in configuration when putting in multiple attribute names of users or group. Pay attention that this symbol must not appear as part of attributes used in this configuration. If it appears in attribute names, then change the default value to some other symbol.
attributeValuesDelimiter
users.provider=EXTERNAL
Page 28 of 33
HP Anywhere (9.1)
n n
groups.provider=EXTERNAL external.uum=true
2. Restart HPAnywhere.
Finalize Configuration
l
At this stage, you need to restart HPAnywhere to apply the configuration settings. Then, log into HP Anywhere using your LDAP credentials.
Page 29 of 33
HP Anywhere (9.1)
Select Uninstall and click Next. 3. The wizard shows a summary of the components that will be uninstalled.
Page 30 of 33
HP Anywhere (9.1)
Page 31 of 33
HP Anywhere (9.1)
LDAPIssues
Problem: Communication with the LDAP server cannot be established. Communication exception appears in logs. Solution: Check the LDAP host, port, and SSL mode settings: 1. Check that LDAP host and port are configured correctly: Select System >Settings >User Management Configuration >External User Repository and check the ldapHost and ldapPort settings. 2. Check that SSL mode is configured correctly. Check with your organizational LDAP administrator whether the administrator user is required for LDAP connection. Select System > Settings > User Management Configuration > External User Repository and check the enableSSL setting. 3. Check that the appropriate server certificate is installed. Run the following command: <Configuration Manager installation directory>\java\windows\x86_64 \bin\keytool.exe -list -trustcacerts [-alias <certificate alias>] -keystore <Configuration Manager installation directory>\java\windows\x86_64\lib\security\cacerts -storepass changeit 4. Check with your organizational LDAP administrator whether the administrator is required for LDAP connection. Select System > Settings > User Management Configuration > External User Repository and check the following settings: useAdministrator, ldapAdministrator, and ldapAdministratorPassword.
Page 32 of 33
HP Anywhere (9.1)