Installation Preparation Checklist

This document aims to provide a list of steps that you should check prior to installing and configuring DirX Audit to help you prepare all required materials, files, documents, data and environment. There are the following sections:

  • PREPARATION - collecting system requirements, preparing the target environment

  • INSTALLATION of DirX Audit and required applications

  • CONFIGURATION of DirX Audit

  • MAINTENANCE – operation and troubleshooting

While the first three checklists are helpful for correctly, dutifully and thoroughly preparing a one-time procedure, the maintenance checklist is meant as an ongoing upkeeping operation that should be scheduled on a regular basis.

Preparation

  • Backup your existing installation (in case of an upgrade installation)

  • back up the install_path/conf folder, all customer specific files or custom dashboard component configurations

Also see specific instructions in the DirX Audit Migration Guide

  • Install JVM

  • on each machine where DirX Audit Manager (Apache Tomcat), DirX Audit Message Broker and DirX Audit Server are to be operated

Also see the section “Installation Prerequisites” in the DirX Audit Installation Guide

  • Install Apache Tomcat

  • on the machine where DirX Audit Manager is to be operated

Also see the section “Apache Tomcat Installation” in the DirX Audit Installation Guide

And also “Supported Apache Tomcat Installations” in the DirX Audit Release Notes

  • Secure Apache Tomcat

Also see the section “Securing Apache Tomcat” in the DirX Audit Best Practices

  • Prepare truststores and keystores for SSL configuration

  • to secure (encrypt) data transfer

Also see the sections “Establishing Secure Communication” in the DirX Audit Best Practices and “Preparing Truststores and Keystores for SSL Configuration” in the DirX Audit Installation Guide

  • Prepare Kerberos configuration file (optional)

  • to support Windows authentication in DirX Audit Manager

Also see the section “Windows Authentication Using the Kerberos Login Module” in the DirX Audit Administration Guide

  • Generate the keytab file and define the service principal name (optional)

  • to support DirX Audit Manager SSO based on SPNEGO / Kerberos

Also see the section “Configuring SSO Web Authentication Using SPNEGO / Kerberos” in the DirX Audit Administration Guide

And also the section “Authentication Configuration” in the DirX Audit Installation Guide

  • Configure the Internet Browser for Windows SSO Authentication (optional)

  • to support DirX Audit Manager SSO based on SPNEGO / Kerberos

Also see the section “Configuring the Internet Browser for Windows SSO Authentication” in the DirX Audit Administration Guide

  • Setup new databases or consider database backups (for each tenant)

  • up to three databases should be prepared (CONFIG, DATA, HISTORY)

  • consider backing up the whole database or exporting relevant audit events and history entries in case of upgrading an existing installation

Also see the section “Managing DirX Audit Databases” in the DirX Audit Administration Guide

  • Consider the number of tenants to configure

Also see the section “Managing a Multi-tenant Environment” in the DirX Audit Administration Guide

And also “Using the Configuration Wizard for the Tenant Configuration” in the DirX Audit Installation Guide

  • Consider what data to collect and synchronize (for each tenant)

Also see the section “Managing Audit Messages Data” and “Managing History Entries Data” in the DirX Audit Administration Guide

And also “Controlling the Number and Size of Audit Events” and “Managing History Entries” in the DirX Audit Best Practices

  • Consider what collectors to use (for each tenant)

Also see the section “Configuring DirX Audit Collectors” in the DirX Audit Administration Guide

And also “Collectors Configuration” in the DirX Audit Installation Guide

  • Consider data access (audit messages only) control - authorization (for each tenant, optional)

Also see the section “Managing Authorization PEPs” in the DirX Audit Administration Guide

And also “Authorization Configuration” in the DirX Audit Installation Guide

  • Consider what scheduled jobs to execute (for each tenant)

Also see the section “Scheduled Jobs Configuration” in the DirX Audit Installation Guide

  • Consider what History Synchronization jobs to schedule (for each tenant)

See the DirX Audit History Synchronization Guide

Also see the sections "History Synchronization LDAP Configuration" and “Scheduled History Synchronization Jobs Configuration” in the DirX Audit Installation Guide

  • Setup LDAP groups for DirX Audit Manager authorization (for each tenant)

  • LDAP groups representing Administrator and Auditor DirX Audit Manager application roles

Also see the section “Authentication Configuration” in the DirX Audit Installation Guide

And also sections “Configuring LDAP Authentication” and “Managing Application Roles” in the DirX Audit Administration Guide

And also sections “Managing Group Search” and “Slow Authentication Due to Many Groups” in the DirX Audit Best Practices

  • Configure firewalls

Also see the section “Firewall Configuration Hints” in the DirX Audit Installation Guide

And also the appendix A “Port Requirements” in the DirX Audit Administration Guide

  • Install and configure message broker (optional - when a custom message broker is used)

Also see the sections “Server JMS Collector for DirX Identity Format”, “Server JMS Collector for DirX Access Format” and “Server JMS Collector for DirX Audit Format” in the DirX Audit Installation Guide

  • Prepare the silent installation & configuration files (optional)

Also see the sections “Silent Installation” and “Using Silent Configuration” in the DirX Audit Installation Guide

Installation

  • Deploy mssql-jdbc_auth-<version>-<arch>.dll file (optional)

  • to support the integrated Windows authentication in the database connectivity

Also see the sections "Installation Prerequisites” and “Support for Windows Authentication in Database Connectivity" in the DirX Audit Installation Guide

  • Install DirX Audit

Also see the section “Installing DirX Audit" in the DirX Audit Installation Guide

  • Deploy Oracle Database JDBC driver (optional)

Also see the section “Oracle Database JDBC Driver Installation" in the DirX Audit Installation Guide

  • Install DirX Identity JMS Audit Plug-in Handler (optional)

  • provided with DirX Identity (both the plugin and the documentation)

Also see the section “Installing the JMS-Audit Handler” in the DirX Identity Installation Guide

  • Install DirX Access JMS Audit Plug-in Handler (optional)

  • to be downloaded from the IAM Support Portal (both the plugin and the documentation), ensure that the version matching both DirX Audit and DirX Access is selected

Configuration

  • Perform core configuration

  • validate and test settings where provided

Also see the section “Using the Configuration Wizard for the Core Configuration" in the DirX Audit Installation Guide

  • Perform tenant configuration for each tenant

  • validate and test settings where provided

Also see the section “Using the Configuration Wizard for the Tenant Configuration" in the DirX Audit Installation Guide

  • Configure DirX Identity JMS Audit Plug-in Handler (optional)

  • to be configured in the DirX Identity Manager

Also see the section “Configuring the JMS-Audit Handler” in the DirX Identity Installation Guide

  • Configure DirX Access JMS Audit Plug-in Handler (optional)

  • to be configured locally at the machine where DirX Access is deployed (the documentation is provided with the plugin package available at the IAM Support Portal)

Maintenance

  • Update JVM

  • for security reasons, update software when required or recommended

Also see the section “Installation Prerequisites” in the DirX Audit Installation Guide

  • Update Apache Tomcat

  • for security reasons, update software when required or recommended

Also see the section “Supported Apache Tomcat Installations” in the DirX Audit Release Notes

  • Update message broker (optional, when custom message broker used)

  • for security reasons, update software when required or recommended

  • Manage Cryptographic Material

  • update keys before their expiration

Also see the section “Managing Cryptographic Material” in the DirX Audit Administration Guide

  • Check the Error Logs

Also see the section “Log Files” in the DirX Audit Best Practices

Also see “Configuring Logging” in the DirX Audit Administration Guide

  • Monitor DirX Audit Databases

Also see the sections “Check the Audit Database Size”, “Maintain Database Indexes” and “Remove Old Data” in the DirX Audit Best Practices

Also see “Using the DirX Audit Tools” in the DirX Audit User Interface Guide

Also see “Tuning Database Performance” in the DirX Audit Administration Guide

  • Monitor system services - Apache Tomcat / DirX Audit Manager container

Also see the section “Running the DirX Audit Manager Service” in the DirX Audit Administration Guide

Also see “Manager Container Folder" in the DirX Audit Installation Guide

  • Monitor system services - DirX Audit Message Broker

Also see the section “Monitoring the Message Broker” in the DirX Audit Administration Guide

Also see “Message Broker System Service" in the DirX Audit Installation Guide

  • Monitor system services - DirX Audit Server

Also see the section “Running the DirX Audit Server Service” in the DirX Audit Administration Guide

Also see “Application Container Configuration" in the DirX Audit Installation Guide

Also see “Check for Audit Message Import Errors” in the DirX Audit Best Practices

  • Monitor DirX Audit with JMX

Also see the section “Monitoring DirX Audit with JMX” in the DirX Audit Administration Guide