Installation Preparation Checklist

This document aims to provide a list of steps that you should check prior to installing and configuring DirX Audit to help you prepare all required materials, files, documents, data and environment. There are the following sections:

  • PREPARATION - collecting system requirements, preparing the target environment

  • INSTALLATION of DirX Audit and required applications

  • CONFIGURATION of DirX Audit

  • MAINTENANCE – operation and troubleshooting

While the first three checklists are helpful for correctly, dutifully and thoroughly preparing a one-time procedure, the maintenance checklist is meant as an ongoing upkeeping operation that should be scheduled on a regular basis.

Preparation

  • In case of an upgrade installation, backup your existing configuration files

  • in the install_path/conf folder, all customer specific files and/or custom dashboard component configurations

  • See:

  • specific instructions in the DirX Audit Migration Guide

  • Install JVM

  • on each machine where DirX Audit Manager and DirX Audit Manager Classic (Apache Tomcat), DirX Audit Message Broker and DirX Audit Server are to be operated

  • See:

  • “Installation Prerequisites” in the DirX Audit Installation Guide

  • Install Apache Tomcat

  • on the machine where DirX Audit Manager and DirX Audit Manager Classic are to be operated

  • See:

  • “Apache Tomcat Installation” in the DirX Audit Installation Guide

  • “Supported Apache Tomcat Installations” in the DirX Audit Release Notes

  • Secure Apache Tomcat

  • See:

  • “Securing Apache Tomcat” in the DirX Audit Best Practices

  • Prepare truststores and keystores for SSL configuration

  • to secure (encrypt) data transfer

  • See:

  • “Establishing Secure Communication” in the DirX Audit Best Practices

  • “Preparing Truststores and Keystores for SSL Configuration” in the DirX Audit Installation Guide

  • Prepare Kerberos configuration file (optional)

  • to support Windows authentication in DirX Audit Manager Classic

  • See:

  • “Windows Authentication Using the Kerberos Login Module” in the DirX Audit Administration Guide

  • Generate the keytab file and define the service principal name (optional)

  • to support DirX Audit Manager Classic SSO based on SPNEGO / Kerberos

  • See:

  • “Configuring SSO Web Authentication Using SPNEGO / Kerberos” in the DirX Audit Administration Guide

  • “Authentication Configuration” in the DirX Audit Installation Guide

  • Configure the Internet Browser for Windows SSO Authentication (optional)

  • to support DirX Audit Manager Classic SSO based on SPNEGO / Kerberos

  • See:

  • “Configuring the Internet Browser for Windows SSO Authentication” in the DirX Audit Administration Guide

  • Setup new databases or consider database backups (for each tenant)

  • up to three databases should be prepared (Config DB, Data DB, History DB)

  • consider backing up the whole database or exporting relevant audit events and history entries in case of upgrading an existing installation

  • See:

  • “Managing DirX Audit Databases” in the DirX Audit Administration Guide

  • Consider the number of tenants to configure

  • See:

  • “Managing a Multi-tenant Environment” in the DirX Audit Administration Guide

  • “Using the Configuration Wizard for the Tenant Configuration” in the DirX Audit Installation Guide

  • Consider what data to collect and synchronize (for each tenant)

  • See:

  • “Managing Audit Messages Data” and “Managing History Entries Data” in the DirX Audit Administration Guide

  • “Controlling the Number and Size of Audit Events” and “Managing History Entries” in the DirX Audit Best Practices

  • Consider what collectors to use (for each tenant)

  • See:

  • “Configuring DirX Audit Collectors” in the DirX Audit Administration Guide

  • “Collectors Configuration” in the DirX Audit Installation Guide

  • Consider data access (audit messages only) control - authorization (for each tenant, optional)

  • See:

  • “Managing Authorization PEPs” in the DirX Audit Administration Guide

  • “Authorization Configuration” in the DirX Audit Installation Guide

  • Consider what scheduled jobs to execute (for each tenant)

  • See:

  • “Scheduled Jobs Configuration” in the DirX Audit Installation Guide

  • Consider what History Synchronization jobs to schedule (for each tenant)

  • See:

  • DirX Audit History Synchronization Guide

  • ”History Synchronization LDAP Configuration” and “Scheduled History Synchronization Jobs Configuration” in the DirX Audit Installation Guide

  • Setup LDAP groups for DirX Audit Manager and DirX Audit Manager Classic authorization (for each tenant)

  • LDAP groups representing Administrator and Auditor DirX Audit Manager and DirX Audit Manager Classic application roles

  • See:

  • “Authentication Configuration” in the DirX Audit Installation Guide

  • “Configuring LDAP Authentication” and “Managing Application Roles” in the DirX Audit Administration Guide

  • “Managing Group Search” and “Slow Authentication Due to Many Groups” in the DirX Audit Best Practices

  • Configure firewalls

  • See:

  • “Firewall Configuration Hints” in the DirX Audit Installation Guide

  • Install and configure message broker (optional - when a custom message broker is used)

  • See:

  • “Server JMS Collector for DirX Identity Format”, “Server JMS Collector for DirX Access Format” and “Server JMS Collector for DirX Audit Format” in the DirX Audit Installation Guide

  • Prepare the silent installation & configuration files (optional)

  • See:

  • “Silent Installation” and “Using Silent Configuration” in the DirX Audit Installation Guide

Installation

  • Deploy mssql-jdbc_auth-<version>-<arch>.dll file (optional)

  • to support the integrated Windows authentication in the database connectivity

  • See:

  • “Installation Prerequisites” and “Support for Windows Authentication in Database Connectivity” in the DirX Audit Installation Guide

  • Install DirX Audit

  • See:

  • “Installing DirX Audit” in the DirX Audit Installation Guide

  • Deploy Oracle Database JDBC driver (optional)

  • See:

  • “Oracle Database JDBC Driver Installation” in the DirX Audit Installation Guide

  • Install DirX Identity JMS Audit Plug-in Handler (optional)

  • provided with DirX Identity (both the plugin and the documentation)

  • See:

  • “Installing the JMS-Audit Handler” in the DirX Identity Installation Guide

  • Install DirX Access JMS Audit Plug-in Handler (optional)

  • to be downloaded from the IAM Support Portal (both the plugin and the documentation), ensure that the version matching both DirX Audit and DirX Access is selected

Configuration

  • Perform core configuration

  • validate and test settings where provided

  • See:

  • “Using the Configuration Wizard for the Core Configuration” in the DirX Audit Installation Guide

  • Perform tenant configuration for each tenant

  • validate and test settings where provided

  • See:

  • “Using the Configuration Wizard for the Tenant Configuration” in the DirX Audit Installation Guide

  • Configure DirX Identity JMS Audit Plug-in Handler (optional)

  • to be configured in the DirX Identity Manager

  • See:

  • “Configuring the JMS-Audit Handler” in the DirX Identity Installation Guide

  • Configure DirX Access JMS Audit Plug-in Handler (optional)

  • to be configured locally at the machine where DirX Access is deployed (the documentation is provided with the plugin package available at the IAM Support Portal)

Maintenance

  • Update JVM

  • for security reasons, update software when required or recommended

  • See:

  • “Installation Prerequisites” in the DirX Audit Installation Guide

  • Update Apache Tomcat

  • for security reasons, update software when required or recommended

  • See:

  • “Supported Apache Tomcat Installations” in the DirX Audit Release Notes

  • Update message broker (optional, when custom message broker used)

  • for security reasons, update software when required or recommended

  • Manage Cryptographic Material

  • update keys before their expiration

  • See:

  • “Managing Cryptographic Material” in the DirX Audit Administration Guide

  • Check the Error Logs

  • See:

  • “Log Files” in the DirX Audit Best Practices

  • “Configuring Logging” in the DirX Audit Administration Guide

  • Monitor DirX Audit Databases

  • See:

  • “Check the Audit Database Size”, “Maintain Database Indexes” and “Remove Old Data” in the DirX Audit Best Practices

  • “Using the DirX Audit Tools” in the DirX Audit Command Line Interface Guide

  • “Tuning Database Performance” in the DirX Audit Administration Guide

  • Monitor system services - Apache Tomcat / DirX Audit Manager container

  • See:

  • “Running the DirX Audit Manager Service” in the DirX Audit Administration Guide

  • “Common Managers Container Configuration” in the DirX Audit Installation Guide

  • Monitor system services - DirX Audit Message Broker

  • See:

  • “Monitoring the Message Broker” in the DirX Audit Administration Guide

  • “Message Broker System Service” in the DirX Audit Installation Guide

  • Monitor system services - DirX Audit Server

  • See:

  • “Running the DirX Audit Server Service” in the DirX Audit Administration Guide

  • “Application Container Configuration” in the DirX Audit Installation Guide

  • “Check for Audit Message Import Errors” in the DirX Audit Best Practices

  • Monitor DirX Audit with JMX

  • See:

  • “Monitoring DirX Audit with JMX” in the DirX Audit Administration Guide