The following document walks through a condensed and simplified installation from start to finish of IGA Xpress 1.0 and the deployment of the Identity Suite V15 applications.
See the Deploy documentation for further in-depth installation and deployment information.
IGX Version 1.0
IGA v15.0
Windows 2019
MS SQL 2022
This Demo utilizes:
A. One Centos9 64bit, Redhat 9 server.
B. One Windows 2019, with MS SQL 2022 deployed for the backend database(s)
C. JAVA 21 (included and deployed with IGA Xpress)
D. Wildfly 32 (included and deployed with IGA Xpress)
USERS:
LINUX:
a. root or other admin (sudo) user
b. igx (will be created by installer)
WINDOWS:
c. Localhost/Administrator
This KB should be used as a guide; please review the Symantec IGA Xpress 1.0 documentation, as there will be minor differences depending on the environment and platform.
NOTE: This KB was created with a pre-release build, the images may differ slightly from the full release.
Brief Deployment and Mogrify overview playlist:
Symantec IGA 15 training series
a. Get your SKU code - Please see the SKU Code documentation for more details on retrieving your SKU code. The SKU code will be entered during the deployment and controls which Application Service components can be deployed.
b. Copy the installation files onto the Linux server.
Example: /IGASoftware/
c. Determine if you are going to use a Local or Remote channel to perform the application deployment from. See the Documentation on Configure a Channel for more details. The remote channel will be used for this Demo.
d. Create the databases. For this demo 3 databases were set up: one each for Identity Manager, Identity Governance, and Identity Portal.
e. If this is a Migration from an existing environment, work with your DBA to migrate the databases to a new server and record the details for use when configuring the Services below.
f. If this is a Migration from an existing environment, complete all of the 'Source' side steps of the Migration. See the Migrate documentation for more details.
a. Log onto the Linux server as root, or su - root
b. Navigate to and untar the igaxpress-1.0.0-19.tar.gz
>tar -xvf igaxpress-1.0.0-19.tar.gz
c. cd into the newly created /igaxpress-1.0.0-19/ directory
d. Install the Dependencies with 'rpmdeps.sh'
>./rpmdeps.sh
e. Deploy IGA Xpress with the install command
>./install
f. Answer y to allow the installer to create /opt/brcm/iga/
NOTE: The /opt/brcm/ path is required. It can be placed on a different volume, but /opt/brcm/ is the required path for IGA Xpress deployment.
g. Choose y for 'Is this the first node of IGA cluster? (y/n)'
h. Choose y for 'Would you like to generate a cluster key now (y/n)'
NOTE: Copy the cluster key into a notepad. RIGHT CLICK TO COPY AND STORE THIS key - using Control-C will close the installer requiring it to be restarted.
In a clustered environment this key will be used on the subsequent nodes
i. When prompted, enter the cluster key and allow the installation to complete.
j. Log in or su as the 'igx' user. The password is 'changeme'; you will be prompted to update it to a password of your choice. The new password will require a special character.
NOTE: This password will be used to access the IGX interface, and perform the remainder of the Linux based configuration.
IGA Xpress deployment is now complete and can be accessed at https://<ip_address>:10443 with igx as the user.
If this is a simple single node deployment, you are ready to access the IGA Xpress browser interface and begin deploying the Application Services.
If this is a multiple node deployment, deploy IGA Xpress on ALL nodes using the Cluster key generated on the initial node before deploying any of the Application Services.
a. Log into IGA Xpress https://<ip_address>:10443 as the igx user.
b. On the Update tab, click the small Configuration gear in the upper right corner.
Verify access to the remote Channel, or set up a local channel. See the documentation on Configure a Channel for more details.
c. Navigate to the Cluster tab.
1. Click the SKU button and enter your SKU code.
NOTE: The SKU code must be set prior to dragging the Application Services circles onto a node. See the SKU Code documentation for specific details.
Make sure the Entitlements on the left side show the correct products (IM, IP or IG) for you.
2. Click the Add Node + sign, enter a Name and the IP Address of the node. Click Validate, then click the Add button.
d. The node appears with the available Services listed on the left. For this demo all Services are dragged onto this one node.
NOTE: In a clustered deployment, use the Add Node button to add all remaining nodes, and distribute the Services as desired between those nodes.
e. Enter the name of the node that will initially be the primary node in the Primary Console field, select the Sync Mode for the Cluster, and set the UserStore Relay. The Primary Console, Sync Mode and UserStore Relay need to be set regardless of the number of nodes.
The Primary Console can be changed at a later time.
f. After the nodes have been configured and the Services distributed as needed, click the Deploy button.
g. Enter a Name for the Cluster, then select the Version from the Version drop down. Check Generate All Certificates, leave Start Cluster unchecked, and click the Proceed button. If you want to use custom certificates or passwords in appserver.p12 and balancer.p12, leave the Generate All Certificates box unchecked. See the documentation on Custom Server Certificates for more details.
NOTE: Only lower case characters, numbers and the - dash symbol are allowed.
The deploy will take a few minutes and return you to the Dashboard.
NOTE: If this is a migration from an existing system stop here and perform the 'Target' system migration steps. See Migrate documentation for more details.
a. Open an ssh console as the igx user, generate a Suite Key, and save it in a notepad.
>openssl rand -base64 32
b. Enter this Suite Key in the Suite section of Services tab of the IGA Xpress console, choose an Encryption Mode (standard or FIPS) and set the Suite Password.
NOTE: The Suite Password is used for access to things such as the Identity Management Console (default user 'imadmin'), the Portal admin page (default user 'admin'), and Governance (default user 'AD1/EAdmin')
c. Click Apply. Then Confirm to allow the cluster to restart.
a. For each of the Applications, Identity Governance, Identity Portal, and Identity Manager, select the Datasources tab and configure the JDBC connections.
SQL JDBC URL: jdbc:sqlserver://<hostname/IP>:<port>;selectMethod=cursor;databaseName=<dbname>;encrypt=<true/false>;trustServerCertificate=<true/false>
Oracle JDBC URL: jdbc:oracle:thin:@//<hostname>:<port>/<servicename/serviceid>
NOTE: Other than the Identity Portal there are multiple databases that will need to be configured. The Name drop down contains each required datasource and the + Datasources buttons can be used to duplicate the connections for each required database.
See the Configure Services documentation for more details.
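The encrypt and trustServerCertificate properties in the SQL JDBC URL above decide whether the database connection is encrypted and whether the server certificate is validated. The shell function below is an added example, not part of the original KB or of IGA Xpress; it audits those two properties in a URL before it is pasted into a Datasources tab. The host and database names in the sample URLs are constructed.

```shell
#!/bin/sh
# Added example, not vendor code: audit the TLS properties of a SQL Server
# JDBC URL. Hosts and database names below are constructed sample values.

# jdbc_prop URL NAME: print the lowercased value of property NAME, if present.
jdbc_prop() {
    printf '%s\n' "$1" | tr ';' '\n' | awk -F= -v key="$2" '
        NR > 1 && tolower($1) == tolower(key) { print tolower($2); exit }'
}

# audit_jdbc_tls URL: print a one-word verdict; return 0 only for "ok".
audit_jdbc_tls() {
    case "$1" in
        jdbc:sqlserver://*) ;;
        *) echo "not-sqlserver"; return 2 ;;
    esac
    enc=$(jdbc_prop "$1" encrypt)
    trust=$(jdbc_prop "$1" trustServerCertificate)
    case "$enc" in
        true|strict) ;;
        false) echo "unencrypted"; return 1 ;;
        # Absent: the default differs between driver versions, so set it.
        "") echo "encrypt-not-set"; return 1 ;;
        *) echo "encrypt-unrecognized"; return 1 ;;
    esac
    # true = the driver accepts any server certificate without validating it,
    # so the encrypted channel is not authenticated.
    if [ "$trust" = "true" ]; then
        echo "cert-not-validated"; return 1
    fi
    echo "ok"
}

# Demo over constructed URLs: prints the verdict, then the URL.
while IFS= read -r url; do
    printf '%-20s %s\n' "$(audit_jdbc_tls "$url")" "$url"
done <<'EOF'
jdbc:sqlserver://db.example.internal:1433;selectMethod=cursor;databaseName=im_db;encrypt=true;trustServerCertificate=false
jdbc:sqlserver://db.example.internal:1433;selectMethod=cursor;databaseName=im_db;encrypt=true;trustServerCertificate=true
jdbc:sqlserver://db.example.internal:1433;selectMethod=cursor;databaseName=im_db;encrypt=false;trustServerCertificate=false
jdbc:sqlserver://db.example.internal:1433;selectMethod=cursor;databaseName=im_db
EOF
```

With encrypt=true and trustServerCertificate=false, the JVM must trust the CA that issued the SQL Server certificate, otherwise the datasource connection will fail.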
Example of Completed Identity Manager Datasources configuration:
a. On the Services tab, for Provisioning Directory, configure the DB size and the DSA and IMPS admin passwords. These passwords are being set at this time; retain them for future use.
b. For UserStore, configure the DB size and the DSA Admin password. This password is being set at this time; retain it for future use.
As this is a new installation the Provisioning Directory and the User Store must be configured within the Directory. We provide scripts to accomplish this. These steps are unnecessary in a Migrated environment.
a. On the Dashboard, Stop the Provisioning Directory and the User Store
b. Log onto the IGA Xpress Linux server as the igx user and run the command "impd_data init"
>impd_data init
c. Initialize the Userstore with "ustore_data init"
>ustore_data init
d. Back in the IGA Xpress browser interface, on the Cluster tab, use the Restart Cluster button to restart the cluster.
The following steps will build the out of the box identityEnv environment, and build the connectors between Portal and both Identity Manager and Governance and from Governance into Identity Manager.
NOTE: These steps are not required for Migrated environments.
>idmctl create (this will build the out of the box identityEnv environment)
>idgctl create (this will build the connection between Identity Governance and Identity Manager)
>idpctl create idm (this will build the connection between Identity Portal and Identity Manager; the IDM password is the Suite Password set above)
>idpctl create idg (this will build the connection between Identity Portal and Identity Governance; the IG password is the Suite Password set above)