NetIQ
®
iManager
Installation Guide
August 2021
2
Legal Notice
For information about legal notices, trademarks, disclaimers, warranties, export and other use restrictions, U.S.
Government rights, patent policy, and FIPS compliance, see https://www.netiq.com/company/legal/.
Copyright © 2019 NetIQ Corporation, a Micro Focus company. All Rights Reserved.
Contents 3
Contents
About this Book and the Library 5
About NetIQ Corporation 7
1 Planning to Install iManager 9
Checklist for Installing iManager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Understanding the Server and Client Versions of iManager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Understanding Installation for iManager Plug-ins . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Prerequisites and Considerations for Installing iManager. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Considerations for Installing iManager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12
Considerations for Installing iManager Server on a Linux Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Considerations for Installing iManager Server on a Windows Platform . . . . . . . . . . . . . . . . . . . . . . . 13
Considerations for Installing iManager Workstation on Linux Clients. . . . . . . . . . . . . . . . . . . . . . . . . 13
Considerations for Installing iManager Workstation on Windows Clients . . . . . . . . . . . . . . . . . . . . . 13
System Requirements for iManager Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
System Requirements for iManager Workstation (Client Version) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15
2 Installing iManager Server and Workstation 17
Installing iManager Server and iManager Workstation on Linux . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Installing iManager Server on Linux . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Installing iManager Workstation on Linux Clients. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .21
Installing iManager Server and iManager Workstation on Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .22
Installing iManager Server on Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Installing iManager Workstation on Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Installing iManager Silently . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Editing the Properties File for a Customized Silent Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27
Running a Silent Installation for iManager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
Installing iManager Patch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .28
FORCE Installation of iManager Patch Silently . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
3 Deploying iManager Using Docker Container 31
Why Docker? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Planning to Deploy iManager Using Docker Container . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
System Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Docker CLI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Deploying iManager Container . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Deploying iManager Container in Host Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Deploying iManager Container in User Defined Overlay Network . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Post-Installation Tasks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .36
Installing iManager Plug-Ins . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Replacing the Temporary Self-Signed Certificates. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Managing iManager Data Storage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Upgrading iManager Using Docker Container . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
4 Contents
4 Post-Installation Tasks for iManager 39
Replacing the Temporary Self-Signed Certificates for iManager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Replacing the iManager Self-Signed Certificates on Linux . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Replacing the iManager Self-Signed Certificates on Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Configuring iManager for IPv6 Addresses after Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
Specifying an Authorized User for eDirectory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
5 Upgrading iManager 45
Upgrade Scenarios . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .45
Upgrading to iManager 3.2 on Linux . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Upgrading to iManager 3.2 on Windows. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Silent Upgrade of iManager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Upgrading iManager Plug-In Modules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
Authorized Users. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
Updating Role Based Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .50
Re-Installing or Migrating Plug-in Studio Plug-ins . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .51
6 Uninstalling iManager 53
Linux. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
iManager Workstation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .54
About this Book and the Library 5
About this Book and the Library
The Installation Guide describes how to install the NetIQ iManager (iManager) product.
For the most current version of the NetIQ iManager Installation Guide, see the English version of the
documentation at the NetIQ iManager online documentation site.
Intended Audience
This guide is intended for network administrators, and describes how to install, upgrade, or uninstall
iManager.
Other Information in the Library
The library provides the following information resources:
Administration Guide
Provides conceptual information about the iManager. This book defines terminology and
includes implementation scenarios.
6 About this Book and the Library
About NetIQ Corporation 7
About NetIQ Corporation
We are a global, enterprise software company, with a focus on the three persistent challenges in
your environment: Change, complexity and risk—and how we can help you control them.
Our Viewpoint
Adapting to change and managing complexity and risk are nothing new
In fact, of all the challenges you face, these are perhaps the most prominent variables that deny
you the control you need to securely measure, monitor, and manage your physical, virtual, and
cloud computing environments.
Enabling critical business services, better and faster
We believe that providing as much control as possible to IT organizations is the only way to
enable timelier and cost effective delivery of services. Persistent pressures like change and
complexity will only continue to increase as organizations continue to change and the
technologies needed to manage them become inherently more complex.
Our Philosophy
Selling intelligent solutions, not just software
In order to provide reliable control, we first make sure we understand the real-world scenarios
in which IT organizations like yours operate — day in and day out. That's the only way we can
develop practical, intelligent IT solutions that successfully yield proven, measurable results. And
that's so much more rewarding than simply selling software.
Driving your success is our passion
We place your success at the heart of how we do business. From product inception to
deployment, we understand that you need IT solutions that work well and integrate seamlessly
with your existing investments; you need ongoing support and training post-deployment; and
you need someone that is truly easy to work with — for a change. Ultimately, when you
succeed, we all succeed.
Our Solutions
Identity & Access Governance
Access Management
Security Management
Systems & Application Management
Workload Management
Service Management
8 About NetIQ Corporation
Contacting Sales Support
For questions about products, pricing, and capabilities, contact your local partner. If you cannot
contact your partner, contact our Sales Support team.
Contacting Technical Support
For specific product issues, contact our Technical Support team.
Contacting Documentation Support
Our goal is to provide documentation that meets your needs. If you have suggestions for
improvements, click
Add Comment at the bottom of any page in the HTML versions of the
documentation posted at www.netiq.com/documentation. You can also email Documentation-
[email protected]. We value your input and look forward to hearing from you.
Contacting the Online User Community
Qmunity, the NetIQ online community, is a collaborative network connecting you to your peers and
NetIQ experts. By providing more immediate information, useful links to helpful resources, and
access to NetIQ experts, Qmunity helps ensure you are mastering the knowledge you need to realize
the full potential of IT investments upon which you rely. For more information, visit http://
community.netiq.com.
Worldwide: www.netiq.com/about_netiq/officelocations.asp
United States and Canada: 1-888-323-6768
Email: [email protected]
Web Site: www.netiq.com
Worldwide: www.netiq.com/support/contactinfo.asp
North and South America: 1-713-418-5555
Europe, Middle East, and Africa: +353 (0) 91-782 677
Email: [email protected]
Web Site: www.netiq.com/support
1
Planning to Install iManager 9
1
Planning to Install iManager
This section provides the prerequisites, considerations, and system setup needed to install iManager.
First, consult the checklist to understand the installation process.
“Checklist for Installing iManager” on page 9
“Understanding the Server and Client Versions of iManager” on page 10
“Understanding Installation for iManager Plug-ins” on page 11
“Prerequisites and Considerations for Installing iManager” on page 11
“System Requirements for iManager Server” on page 14
“System Requirements for iManager Workstation (Client Version)” on page 15
Checklist for Installing iManager
Before beginning the installation, NetIQ recommends that you review the following steps.
Checklist Items
1. Understand the difference between iManager and iManager Workstation. For more
information, see “Understanding the Server and Client Versions of iManager” on page 10.
2. (Conditional) To ensure that Linux computers meet the prerequisites for installing iManager
and iManager Workstation, review the following considerations:
For iManager, see “Considerations for Installing iManager Server on a Linux Server” on
page 12
For iManager Workstation, see “Considerations for Installing iManager Workstation on
Linux Clients” on page 13
3. (Conditional) To ensure that Windows computers meet the prerequisites for installing
iManager and iManager Workstation, review the following considerations:
For iManager, see “Considerations for Installing iManager Server on a Windows
Platform” on page 13
For iManager Workstation, see “Considerations for Installing iManager Workstation on
Windows Clients” on page 13
4. Review the hardware and software requirements for the computers that will host iManager:
For iManager, see “System Requirements for iManager Server” on page 14
For iManager Workstation, see “System Requirements for iManager Workstation
(Client Version)” on page 15
10 Planning to Install iManager
Understanding the Server and Client Versions of iManager
You must install iManager on a server that can access an eDirectory tree. To install iManager on a
workstation instead of a server, you need the client-based version of iManager, the iManager
Workstation. Use the following guidelines to decide which version fits best in your environment, or
whether your eDirectory management policies would benefit from installing both versions:
If you have a single administrator who always manages eDirectory from the same client
workstation, you can take advantage of iManager Workstation. iManager Workstation is fully
self-contained and requires little setup. It automatically loads and unloads the resources it
needs when starts and stops. iManager Workstation installs and runs on various Linux or
Windows client workstations and has no dependencies on server-based iManager. It can coexist
with any other versions of iManager installed on your network.
iManager plug-ins do not automatically synchronize between iManager instances. If you have
multiple administrators and use customized plug-ins, iManager Workstation and these plug-ins
must be installed on each administrator’s client workstation.
If you manage eDirectory from multiple client workstations, or have multiple administrators,
install iManager Server so that it is available from any connected workstation. Additionally,
customized plug-ins only need to be installed once per iManager Server.
5. Access the installation files for iManager from the iManager installation package.
Alternatively, download the installation files from the NetIQ Downloads website. Search for
iManager products, select the iManager version that you want, then download the
.tgz
and
tar.bz2
or
win.zip
file to a directory on your server. For example,
iMan_320_linux_x86_64.tgz
and
iMan_320_workstation_linux_x86_64.tar.bz2
or
iMan_320_win_x86_64.zip
.
6. (Optional) To learn more about the process for installing plug-ins, see “Understanding
Installation for iManager Plug-ins” on page 11.
7. (Optional) To review actions that you can perform after installing iManager, see Chapter 4,
“Post-Installation Tasks for iManager,” on page 39.
8. To install iManager Server and iManager Workstation, see the following sections:
For Linux computers, see “Installing iManager Server and iManager Workstation on
Linux” on page 17
For Windows computers, see “Installing iManager Server and iManager Workstation
on Windows” on page 22
For a silent installation, see “Installing iManager Silently” on page 26
Checklist Items
Planning to Install iManager 11
Understanding Installation for iManager Plug-ins
By default, the plug-in modules are not replicated between iManager servers. You must install the
plug-in modules that you want on each iManager server.
In a clean install, you must select the plug-ins that need to be installed. You can override the default
selections and add new plug-ins to download. As a general rule, you should always upgrade plug-ins
that you installed with a previous version of iManager. Also, more recent plug-ins might not be
compatible with previous versions of iManager.
The base plug-ins for iManager are available only as part of the complete iManager software
download (for example, eDirectory administrative plug-ins). Unless there are specific updates to
these plug-ins, you can only download and install them with the entire iManager product.
The installation program uses an XML descriptor file,
iman_mod_desc.xml
, to identify the plug-ins
that are available for downloading. The default URL for the file is http://www.novell.com/products/
consoles/imanager/iman_mod_desc.xml. However, you can point the installation program to an
alternative network URL. For example, you might be installing iManager behind a proxy or firewall
that prevents the installation program from accessing the default URL.
IMPORTANT: You must use the latest iManager SDK to re-compile any custom plug-ins that you want
to use with the newly installed version environment.
For instructions about downloading and installing plug-ins, see the steps in one of the following
sections:
Linux: “Installing iManager Server and iManager Workstation on Linux” on page 17
Windows: “Installing iManager Server and iManager Workstation on Windows” on page 22
Silent installation: “Installing iManager Silently” on page 26
For more information about customizing the process for downloading and installing plug-ins, see
“Downloading and Installing Plug-in Modules”.
Prerequisites and Considerations for Installing iManager
This section provide information for installing server and workstation versions of iManager.
“Considerations for Installing iManager” on page 12
“Considerations for Installing iManager Server on a Linux Server” on page 12
“Considerations for Installing iManager Server on a Windows Platform” on page 13
“Considerations for Installing iManager Workstation on Linux Clients” on page 13
“Considerations for Installing iManager Workstation on Windows Clients” on page 13
12 Planning to Install iManager
Considerations for Installing iManager
Before installing iManager, review the following considerations:
If the iManager server setup program detects a previously installed version of iManager which
is prior to 2.7.7.x, installation process stops automatically and you need to manually remove the
existing iManager, JRE, and Tomcat installations.
Because iManager Workstation is a self-contained environment, you can install multiple
versions on the same workstation, including older versions of Mobile iManager. However, you
should not attempt to run them simultaneously. If you need to use different versions, run one
version, close it, and then run the other version.
You cannot run iManager Workstation from a path that includes spaces. For example,
C:\NetIQ\iManager Workstation\working
.
You must have
root
access rights for Linux servers or Administrator access for Windows
servers.
To create a Role-Based Services (RBS) collection in the eDirectory tree, you must have admin-
equivalent rights.
To run the iManager RBS Configuration Wizard, you must have admin-equivalent rights.
To manage the same eDirectory tree with multiple versions of iManager, you must update your
RBS Collection(s) to the latest iManager version.
Considerations for Installing iManager Server on a Linux Server
Your Linux server must have specific packages already installed before you install iManager. In
general, you can download the following
.rpm
files from a website such as http://rpmfind.net/linux.
Red Hat Enterprise Linux (RHEL)
libstdc++-4.4.*.el6.i686.rpm (RHEL 7, RHEL 6 64-bit)
libstdc++-4.4.*.el6.x86_64.rpm (RHEL 7, RHEL 6 64-bit for GUI installation mode)
glibc-2.12-*.el6.i686 (RHEL 7, RHEL 6 64-bit)
libXau-*.el6.i686.rpm (RHEL 7, RHEL 6 64-bit)
libxcb-*.el6.i686.rpm (RHEL 7, RHEL 6 64-bit)
libX11-*.el6.i686.rpm (RHEL 7, RHEL 6 64-bit)
libXext-*.el6.i686.rpm (RHEL 7, RHEL 6 64-bit)
libXi-*.el6.i686.rpm (RHEL 7, RHEL 6 64-bit)
libXtst-*.el6.i686.rpm (RHEL 7, RHEL 6 64-bit)
libstdc++-*.el6.i686.rpm (RHEL 7, RHEL 6 64-bit)
libgcc-*.el6.i686.rpm (RHEL 7, RHEL 6 64-bit)
libXrender-0.9.5-1.el6.i686.rpm (RHEL 7, RHEL 6 64-bit)
glibc-32.rpm
Planning to Install iManager 13
SUSE Linux Enterprise Server (SLES) 64-bit
To use PKI plug-in, you must also install the following RPM on the iManager server:
SLES 15 64-bit:
libstdc++6-32bit
and
net-tools-deprecated
package. On SLES 15, you
must also install
glibc-32.rpm
.
NOTE: Ensure to install
net-tools deprecated
package before installing iManager on SLES
15 otherwise the installation will fail.
Considerations for Installing iManager Server on a Windows
Platform
If you are using Microsoft Internet Information Services (IIS) or Apache HTTP Server for Windows,
you must manually integrate iManager with these web server infrastructures. By default, iManager
uses Tomcat on Windows servers.
Considerations for Installing iManager Workstation on Linux
Clients
Your Linux clients must have the following packages already installed before you install iManager
Workstation:
GTK2
GLIBC 2.3
libstdc++33
SUSE Linux Enterprise Desktop (SLED) 11 (32-bit)
SLED 12 (32-bit)
SLED 11 SP1 (32-bit)
openSUSE 11.x (32-bit)
openSUSE 12.x (32-bit)
openSUSE 13.2 (32-bit)
NICI, OpenSSL RPMs and novell-libstdc
Considerations for Installing iManager Workstation on Windows
Clients
Before installing iManager Workstation on your Windows clients, NetIQ recommends that you
review the following considerations:
To enable Internet Explorer to use a proxy server for your LAN, you must specify Bypass Proxy
Server for Local Addresses under Tools > Internet Options > Connections > LAN Settings.
14 Planning to Install iManager
If you run iManager Workstation from a path where any directory contains
temp
or
tmp
in the
name, such as
c:\programs\temp\imanager
, iManager plug-ins do not install. Instead, run
iManager Workstation from
C:\imanager
or a non-temporary directory.
The first time that you run iManager Workstation on a Windows workstation, use an account
that is a member of the workstation's Administrators group.
System Requirements for iManager Server
This section provides the minimum requirements to help you set up the server that hosts iManager.
For more information about the server version of iManager, see “Understanding the Server and
Client Versions of iManager” on page 10.
IMPORTANT: To prepare for the installation, review the considerations and system requirements
listed in the Release Notes accompanying the release. For more information, see the product
documentation page.
1.4 GHz 64-bit processor
2 GB memory
Disk space
200 MB for Linux
500 MB for Windows
Web browser
Latest version of Internet explorer
NOTE: iManager does not support Metro user interface view of Internet Explorer 10 on
Windows 7 and 8.
Latest version of Google Chrome
Latest version of Mozilla Firefox
Latest version of Apple Safari
Application Server
iManager installs Tomcat on Windows servers.
iManager 3.2 SP6 supplies Tomcat 9.0.55-1.
NOTE: You can manually integrate an existing IIS or Apache web server infrastructure with
iManager on a Windows server.
Do not install standalone iManager package on a tomcat server running other applications.
iManager 3.2 is compatible with eDirectory 9.2 directory services.
NOTE: iManager 3.2 should only be installed with eDirectory 9.0 and above on the same server.
8080, 8443, and 9009 default ports.
One of the following operating systems:
Planning to Install iManager 15
The following table contains a list of the certified and supported server operating systems that
eDirectory can run on.
IMPORTANT: Certified means the Operating System has been fully tested and supported.
However, if an Operating System is listed as Supported it means that it has not yet been tested,
but it is expected to work.
NOTE: On Linux, logrotate utility handles the log rotation of
catalina.out
file. The log
rotation configuration is stored in the
netiq-tomcat
file in
/etc/logrotate.d
directory. If
logrotate is not scheduled to run daily, the logs are not rotated. NetIQ recommends you to
rotate the logs at
12:00 a.m
(midnight).
If SELinux is configured to run in Enforcing mode, logrotate might not work as expected. To
troubleshoot, run the following command:
semanage fcontext -a -t var_log_t '/var/opt/novell/tomcat/logs(/.*)?'
restorecon -Frvv /var/opt/novell/tomcat/logs
System Requirements for iManager Workstation (Client
Version)
This section provides requirements to help you set up the computer hosting iManager Workstation.
For more information about the client version of iManager, see “Understanding the Server and
Client Versions of iManager” on page 10.
IMPORTANT: To prepare for the installation, review the considerations and system requirements
listed in the Release Notes accompanying the release. For more information, see the product
documentation page.
1 GHz 64-bit processor
Certified Server Operating System
Version
Supported Operating Systems Notes
Windows Server 2016, Windows
Server 2019, and Windows 2022
(64-bit)
Supported on later versions of
service packs
iManager runs only in 64-bit mode.
SUSE Linux Enterprise Server 12
SP3, SP4 and SP5 (64-bit)
Supported on later versions of
support packs
iManager runs only in 64-bit mode.
SUSE Linux Enterprise Server 15,
SLES 15 SP1, SP2, and SP3
Supported on later versions of
support packs
iManager runs only in 64-bit mode.
Red Hat Enterprise Linux (RHEL)
Server 7.6, 7.7, 7.8, and 7.9 (64-bit)
Supported on later versions of
support packs
iManager runs only in 64-bit mode.
Red Hat Enterprise Linux (RHEL)
Server 8.0, 8.1, 8.2, 8.3, 8.4, and
8.5 (64-bit)
Supported on later versions of
support packs
iManager runs only in 64-bit mode.
NOTE: You must set SELinux either
to disable mode or permissive
mode on RHEL 8.
16 Planning to Install iManager
2 GB memory
300 MB of disk space
Application Server
iManager installs Tomcat on Windows servers.
iManager 3.2 SP6 supplies Tomcat 9.0.55-1.
NOTE: You can manually integrate an existing IIS or Apache web server infrastructure with
iManager on a Windows server.
8080, 8443, and 9009 default ports.
Azul ZuluOpenJDK 1.8.0_312 (64-bit) software, bundled with iManager Workstation
One of the following operating systems:
The following table contains a list of the certified and supported server operating systems that
eDirectory can run on.
IMPORTANT: Certified means the Operating System has been fully tested and supported.
However, if an Operating System is listed as Supported it means that it has not yet been tested,
but it is expected to work.
NOTE: iManager Workstation does not work on SLED 12 SP3, SLED 15 and OpenSUSE Leap 42.3,
OpenSUSE 13.2, and onward. To workaround this issue, launch iManager using the
iManager.sh
command and access the workstation through other browser using the URL: http://localhost:8080/
nps. The port number can differ. You can find the port number in the
iManager.log
file located at
<extracted_directory>/imanager/bin/iManager.log
location.
Certified Server Operating System
Version
Supported Operating Systems Notes
Windows 7 Enterprise Edition (64-
bit)
Supported on later versions of
service packs
iManager runs only in 64-bit mode.
Windows 7 Ultimate Edition (64-
bit)
Supported on later versions of
service packs
iManager runs only in 64-bit mode.
Windows 7 Professional Edition
(64-bit)
Supported on later versions of
support packs
iManager runs only in 64-bit mode.
Windows 7 SP1 (64-bit) Supported on later versions of
support packs
iManager runs only in 64-bit mode.
Windows 8, 8.1 Enterprise Edition
(64-bit)
Supported on later versions of
support packs
iManager runs only in 64-bit mode.
Windows 10 (64-bit) Supported on later versions of
support packs
iManager runs only in 64-bit mode.
OpenSUSE 13.2 (64-bit) Supported on later versions of
support packs
iManager runs only in 64-bit mode.
SLED 12 and SLED 15 (64-bit) Supported on later versions of
support packs
iManager runs only in 64-bit mode.
2
Installing iManager Server and Workstation 17
2
Installing iManager Server and
Workstation
This chapter describes the process for installing iManager. To prepare for the installation, review the
prerequisites and system requirements provided in “Prerequisites and Considerations for Installing
iManager” on page 11.
To review the full installation process, see the “Planning to Install iManager” on page 9.
“Installing iManager Server and iManager Workstation on Linux” on page 17
“Installing iManager Server and iManager Workstation on Windows” on page 22
“Installing iManager Silently” on page 26
“Installing iManager Patch” on page 28
Installing iManager Server and iManager Workstation on
Linux
This section provides the steps for installing iManager Server and iManager Workstation on Linux
servers and clients. To prepare for the installation, review the prerequisites and system
requirements:
iManager: “Considerations for Installing iManager Server on a Linux Server” on page 12 and
“System Requirements for iManager Server” on page 14
iManager Workstation: “Considerations for Installing iManager Workstation on Linux Clients”
on page 13 and “System Requirements for iManager Workstation (Client Version)” on page 15.
Also see the Release Notes accompanying the release.
Installing iManager Server on Linux
The following procedure describes how to install the server version of iManager on a Linux server
using an installation wizard, either in GUI format or from the console. To perform a silent,
unattended installation, see “Installing iManager Silently” on page 26.
If the setup program for iManager Server detects a previously installed version of iManager, it might
give you the option to stop the installation process or remove the existing iManager, JRE, and Tomcat
installations.
When you install iManager, the process lays down the following products on your server:
Tomcat 9.0.55-1
Azul ZuluOpenJDK 1.8.0_312 (64-bit)
18 Installing iManager Server and Workstation
After a successful installation, the setup program generates a configuration file, by default
/var/
log/install.properties
, with values based on the questions asked during the installation. You
can modify this file for use in a silent installation. For more information, see “Installing iManager
Silently” on page 26.
To install iManager on Linux:
1 At the NetIQ Downloads Web site (http://dl.netiq.com/), search for iManager products, select
the iManager version that you want to use, then download it to a directory on your server. For
example,
iMan_320_linux_x86_64.tgz
.
2 Extract to the downloaded file in to the iManager folder:
For example, use the follwoing command:
tar -zxvf iMan_320_linux_x86_64.tgz
3 Open a shell and change to the
/extracted_directory/iManager/installs/linux
directory.
This path is relative to the directory where you copied or extracted the iManager files.
4 Enter one of the following commands while logged in as
root
or
root
-equivalent.
To do a command-line (text) install:
./iManagerInstallLinux.bin
To do a GUI install:
./iManagerInstallLinux.bin -i gui
5 At the splash screen, specify a language, and then click OK.
6 Read the Introduction, and then click Next.
7 Accept the License Agreement, and then click Next.
8 For the components that you want to install, specify iManager, Tomcat, JVM.
NOTE: You must select this option only. iManager will not work as expected if you select either
of the other two options.
9 Click Next.
10 (Optional) To use IPv6 addresses with iManager, click Yes in the Enable IPv6 window.
You can enable IPv6 addresses after you install iManager. For more information, see
“Configuring iManager for IPv6 Addresses after Installation” on page 42.
11 Click Next.
12 (Optional) To download and install plug-ins as part of the installation, complete the following
steps:
12a Specify that you want to download and install plug-ins, and then click Next.
12b (Conditional) For a console install, enter a comma-separated list of the plug-in numbers
that you want to download.
12c (Conditional) If you are using the wizard program, select the check boxes of the plug-ins
that you want to download.
(Optional) To download plug-ins from an different network location, specify an alternative
Network URL.
Installing iManager Server and Workstation 19
When using an alternative URL for downloading plug-ins, you must verify the URL contents,
and verify that the plug-in is appropriate for your use. By default, the installation program
downloads plug-ins from http://www.novell.com/products/consoles/imanager/
iman_mod_desc.xml. For more information, see “Understanding Installation for iManager
Plug-ins” on page 11.
12d Click Next.
12e (Conditional) The setup program might display the following message:
No new or updated plug-ins found. All plug-ins are downloaded or
updated or the iManager download server is unavailable.
If this occurs, one or more of the following conditions exist:
There are no updated plug-ins available from the download site.
There is a problem with your Internet connection. Verify your connection and try
again.
Connection to the Descriptor File (http://www.novell.com/products/consoles/
imanager/iman_mod_desc.xml) was not successful. This URL refers to an XML
descriptor file of available iManager plug-ins.
The iManager installation is behind a proxy that does not allow a connection to the
above URL.
12f Specify whether you want to install plug-ins from a local drive, and then click Next.
12g (Conditional) To install plug-ins from a local directory, specify the directory path that
contains the appropriate plug-in (
.npm
) files.
The default path is
/extracted location/iManager/installs/plugins
, but you
can specify any valid mount point here.
12h Click Next.
13 You can specify the ports on which you want Tomcat to run. Ensure that the custom ports you
are mentioning are available.
The default ports are 8080 for HTTP, 8443 for HTTPS, and 9009 as the MOD_JK connector port.
14 Click Next.
15 Specify the certificate public key algorithm that you want the TLS certificate to use, then click
Next.
The options are:
RSA: The certificate uses a 2048-bit RSA key pair.
ECDSA 256: The certificate uses a ECDSA key pair with curve secp256r1.
By default,
RSA is selected.
16 Based on the certificate selected in Step 15, iManager allows you to configure the following
cipher levels for TLS communication.
RSA: This certificate allows four cipher levels.
NONE: Allows any type of cipher.
LOW: Allows a 56-bit or a 64-bit cipher.
MEDIUM: Allows a 128-bit cipher.
HIGH: Allows ciphers that are greater than 128-bit.
20 Installing iManager Server and Workstation
ECDSA 256: This certificate allows only one cipher level.
SUITEB 128 ONLY: Allows a 128-bit cipher.
For ECDSA certificates, iManager allows only Suite B ciphers.
By default, the cipher level is set to
NONE. The selected cipher level is activated after Tomcat
server is restarted.
17 (Optional) Specify an authorized user and the appropriate eDirectory tree name that this user
will manage.
NOTE: NetIQ does not recommend leaving these settings blank. If you leave these fields blank,
iManager allows any user to install plug-ins and make changes to iManager server settings.
You can specify an authorized user after completing the installation process. For more
information, see “Specifying an Authorized User for eDirectory” on page 43.
The installation program does not validate the specified user credentials with eDirectory.
You should not enter the IP address of the eDirectory tree in the tree name field.
Otherwise, some of the iManager functionalities will be impacted.
18 Click Next.
19 Read the Pre-Installation Summary page, and then click Next.
20 When the installation completes, click Done.
21 When the initialization of iManager finishes, click the first link in the Getting Started page, an
then log in. For more information, see “Accessing iManager” in the NetIQ iManager
Administration Guide.
NOTE: If you plan to run iManager Workstation as a non-root user in the future, do not run
iManager as
root
the first time. For more information, see “Installing iManager Server and
iManager Workstation on Windows” on page 22.
22 Use the
chmod
command to change the permissions on the following InstallAnywhere files to
644
(read) to prevent modifications:
/var/opt/novell/tomcat9/webapps/nps/UninstallerData/
.com.zerog.registry.xml
/var/opt/novell/tomcat9/webapps/nps/UninstallerData/
Uninstall_PluginName/.com.zerog.registry.xml
Do not modify the content in these files. Changing the content might affect other installations
that use InstallAnywhere.
Installing iManager Server and Workstation 21
Installing iManager Workstation on Linux Clients
iManager Workstation is a self-contained environment. You can install multiple versions on the same
workstation (including older versions of Mobile iManager). However, you should not attempt to run
them concurrently. If you need to use different versions, run one version, close it, and then run the
other version.
When you install iManager, the process lays down the following products on your server:
Tomcat 9.0.55-1
Azul ZuluOpenJDK 1.8.0_312 (64-bit)
NOTE: You cannot run iManager Workstation from a path that includes spaces. For example,
products/iManager Workstation/working
.
To install iManager Workstation on Linux clients:
1 At the NetIQ Download Web site (http://www.dl.netiq.com/), search for iManager products,
select iManager 3.2, then download
iMan_320_workstation_linux_x86_64.tar.bz2
to
a directory on your server.
2 Use the following command to extract the file:
tar -xjvf iMan_320_workstation_linux_x86_64.tar.bz2
The extraction creates an
imanager
folder in the same folder where iManager Workstation’s
tar.bz2
file is located.
3 To install or upgrade the Novell International Cryptography Infrastructure (NICI) software, log in
as
root
or a
root
-equivalent because the required NICI packages are used system-wide.
NetIQ requires you to install 64-bit NICI.
4 To install NICI, enter the following commands from the preinstalls folder:
rpm -Uvh nici*.rpm
On desktops where NICI is not installed, use the above mentioned command to install NICI. On
desktops where NICI is already installed, use the above mentioned command to upgrade NICI.
5 To install OpenSSL rpm, enter the following command from the preinstalls folder:
rpm -Uvh netiq-openssl*.rpm
6 (Conditional) To run iManager Workstation as a non-root user in the future, do not run
iManager as
root
the first time. Navigate to the
imanager/bin
directory and execute the
iManager Workstation startup script.
./iManager.sh
7 In the iManager login window, specify a user name, password, and an eDirectory tree.
For more information about accessing iManager, see “Accessing iManager” in the NetIQ
iManager Administration Guide.
8 (Optional) To enable IPv6 addresses, complete the following steps:
1. Open the
User_Install_Directory/Tomcat/conf/catalina.properties
file.
2. Set the following configuration entries in the
catalina.properties
file:
java.net.preferIPv4Stack=false
22 Installing iManager Server and Workstation
java.net.preferIPv4Addresses=true
3. Restart iManager.
Installing iManager Server and iManager Workstation on
Windows
This section provides the steps for installing iManager Server and iManager Workstation on
Windows servers and clients. To prepare for the installation, review the prerequisites and system
requirements:
iManager Server: “Considerations for Installing iManager Server on a Windows Platform” on
page 13.
iManager Workstation: “Considerations for Installing iManager Workstation on Windows
Clients” on page 13.
Also see the Release Notes accompanying the release.
Installing iManager Server on Windows
The following procedure describes how to install the server version of iManager on a Windows
server using an installation wizard. To perform a silent, unattended installation, see “Installing
iManager Silently” on page 26.
If the setup program for iManager Server detects a previously installed version of iManager, it might
give you the option to stop the installation process or remove the existing iManager, JRE, and Tomcat
installations. When the setup program removes the previously installed version of iManager, it backs
up the directory structure to the old
TOMCAT_HOME
directory to preserve any previously created
custom content.
For information about running iManager Server on the same machine as NetIQ eDirectory, see
“Running eDirectory and iManager on the Same Computer (Windows only)” in the NetIQ iManager
Administration Guide.
When you install iManager server, the process lays down the following products on your server:
Tomcat 9.0.55-1
Azul ZuluOpenJDK 1.8.0_312 (64-bit)
To install iManager Server on Windows:
1 Log in as a user with administrator privileges on the computer where you want to install
iManager.
2 At the NetIQ Downloads Web site, search for iManager products, select iManager 3.2, then
download
iMan_320_win_x86_64.zip
to a directory on your server.
3 Extract the file into the iManager folder.
4 Run
iManagerInstall.exe
(
extracted_directory\iManager\installs\win
).
5 (Optional) To view the debug output of the installation program, hold the
Ctrl
key immediately
after launching the installation program until a console window appears. For more information
about debugging, see “Troubleshooting” in the NetIQ iManager Administration Guide.
Installing iManager Server and Workstation 23
6 In the iManager welcome window, select a language, and then click OK.
7 In the Introduction window, and then click Next.
8 Accept the License Agreement, and then click Next.
9 (Conditional) If your server already has a version of JVM or Tomcat or other supporting
components that are installed as part of iManager, in the
Detection Summary window, complete
the following steps:
9a Under Install the following components, verify that the versions listed for the components
match the versions that you want to install.
9b (Optional) If the setup program does not list the versions that you want to install, browse
to the appropriate components in the installation folder.
10 Click Next.
11 In the Get PORT Input window, specify the port numbers on which Tomcat server must run, and
then click
Next.
By default, the HTTP port and SSL port values are 8080 and 8443, respectively. However, if you
have another service or Tomcat server using the default ports, you can specify different ports on
which you want Tomcat to run. Ensure that the custom ports you are mentioning are available.
12 (Optional) To use IPv6 addresses with iManager, click Yes in the Enable IPv6 window.
You can enable IPv6 addresses after you install iManager. For more information, see
“Configuring iManager for IPv6 Addresses after Installation” on page 42.
13 Click Next.
14 In the Choose Install Folder window, specify the folder to store the installation files, and then
click
Next.
The default installation location is
C:\Program Files\Novell
.
15 (Optional) To download and install plug-ins as part of the installation, complete the following
steps:
15a In the Select Plug-ins to Download and Install window, select the plug-ins that you want.
15b (Optional) To download plug-ins from an different network location, specify an alternative
Network URL.
When using an alternative URL for downloading plug-ins, you must verify the URL contents,
and verify that the plug-in is appropriate for your use. By default, the installation program
downloads plug-ins from http://www.novell.com/products/consoles/imanager/
iman_mod_desc.xml. For more information, see “Understanding Installation for iManager
Plug-ins” on page 11.
15c Click Next.
15d (Conditional) The setup program might display the following message:
No new or updated plug-ins found. All plug-ins are downloaded or
updated or the iManager download server is unavailable.
If you see this error, one or more of the following conditions exist:
There are no updated plug-ins available from the download site.
There is a problem with your Internet connection. Verify your connection and try
again.
24 Installing iManager Server and Workstation
Connection to the Descriptor File (http://www.novell.com/products/consoles/
imanager/iman_mod_desc.xml) was not successful. This URL refers to an XML
descriptor file of available iManager plug-ins.
The iManager installation is behind a proxy that does not allow a connection to the
above URL.
15e (Optional) To install plug-ins from a local directory, in the Select Plug-ins to Install from Disk
window, specify the directory path that contains the appropriate
.npm
plug-in files.
This step allows you to install previously downloaded or custom plug-ins. The default path
is
/extracted location/iManager/installs/plugins
. However, you can specify
any valid path.
15f Click Next.
16 Specify the certificate public key algorithm that you want the TLS certificate to use, then click
Next.
You can select one of the following options:
RSA: The certificate uses a 2048-bit RSA key pair.
ECDSA 256: The certificate uses a ECDSA key pair with curve secp256r1.
The default option is
RSA.
17 Based on the certificate you choose in Step15, iManager allows you to configure the following
cipher levels for TLS communication.
RSA: This certificate allows four cipher levels.
NONE: Allows any type of cipher.
LOW: Allows a 56-bit or a 64-bit cipher.
MEDIUM: Allows a 128-bit cipher.
HIGH: Allows ciphers that are greater than 128-bit.
ECDSA 256: This certificate allows one cipher level.
SUITEB 128 ONLY: Allows a 128-bit cipher.
For ECDSA certificates, iManager allows only Suite B ciphers.
By default, the cipher level is set to
NONE. The selected cipher level is activated after Tomcat
server is restarted.
18 (Optional) In the Get User and Tree Names window, specify an authorized user and the name of
the eDirectory tree that this user will manage.
NOTE: If eDirectory uses a port other than the default port 524, you can specify the IP address
or DNS name of the eDirectory server plus the port number. Do not use
localhost
. For
example, to specify an IPv6 address, enter
https://[2001:db8::6]:1080/nps/
servlet/webacc?taskId=fw.Startup&forceMaster=true
.
NetIQ does not recommend leaving these settings blank. If you leave these fields blank,
iManager allows any user to install plug-ins and make changes to iManager server settings.
You can specify an authorized user after completing the installation process. For more
information, see “Specifying an Authorized User for eDirectory” on page 43.
The installation program does not validate the specified user credentials with eDirectory.
19 Click Next.
Installing iManager Server and Workstation 25
20 Read the Pre-installation summary page, and then click Install.
21 When the installation completes, the Install Complete window displays relevant messages about
the success of the process.
NOTE: Sometimes the Install Complete window might display the following error message:
The installation of iManager version is complete, but some errors
occurred during the install.
Please see the installation log Log file path for details. Press "Done"
to quit the installer.
22 (Conditional) If the installer displays the error message shown in Step 21, complete the
following steps:
22a Note the path to the log file that the error message displays.
22b In the Install Complete window, click Done.
22c Open the log file.
22d (Conditional) If you find the following error in the log file, you can ignore the error
message. The installation was successful, and iManager functions properly.
Custom Action: com.novell.application.iManager.install.InstallDLLs
Status: ERROR
Additional Notes: ERROR - class
com.novell.application.iManager.install.InstallDLLs
NonfatalInstallException C:\WINDOWS\system32\msvcr71.dll (The
process cannot access the file because it is being used by another
process)
22e (Conditional) If the log file does not contain the error listed in Step 22d, NetIQ
recommends that you retry the installation.
23 Click Done.
24 When the initialization of iManager finishes, click the first link in the Getting Started page, an
then log in. For more information, see “Accessing iManager” in the NetIQ iManager
Administration Guide.
Installing iManager Workstation on Windows
iManager Workstation is a self-contained environment. You can install multiple versions on the same
workstation (including older versions of Mobile iManager). However, you should not attempt to run
them concurrently. If you need to use different versions, run one version, close it, and then run the
other version.
NOTE: You cannot run iManager Workstation from a path that includes spaces. For example,
C:\NetIQ\iManager Workstation\working
.
When you install iManager workstation, the process lays down the following products on your
machine:
Tomcat 9.0.55-1
Azul ZuluOpenJDK 1.8.0_312 (64-bit)
26 Installing iManager Server and Workstation
To install iManager Workstation on Windows:
1 At the NetIQ Download Web site (http://www.dl.netiq.com/), search for iManager products,
select iManager version, then download the file. For example,
iMan_320_workstation_win.zip
.
2 Extract the
iMan_320_workstation_win.zip
file to a folder.
3 From the
imanager\bin
folder, run the
iManager.bat
file.
NOTE: The above step installs NICI 64-bit and Microsoft Visual C++ 2012 Redistributable
Package. If you have any older version of NICI installed, you will be prompted to upgrade NICI to
the latest version.
4 In the iManager login window, specify the credentials for an authorized user and the eDirectory
tree that this user manages.
For more information about accessing iManager, see “Accessing iManager” in the NetIQ
iManager Administration Guide.
5 (Optional) To enable IPv6 addresses, complete the following steps:
1. Open the
User_Install_Directory/Tomcat/conf/catalina.properties
file.
2. Set the following configuration entries in the
catalina.properties
file:
java.net.preferIPv4Stack=false
java.net.preferIPv4Addresses=true
3. Restart the Tomcat service.
Installing iManager Silently
A silent (non-interactive) installation does not display a user interface or ask the user any questions.
Instead, InstallAnywhere uses information from a default
install.properties
file. You can run
the silent installation with the default file or edit the file to customize the installation process.
To prepare for the installation, review the prerequisites and system requirements:
iManager Server: “Considerations for Installing iManager Server on a Linux Server” on page 12.
iManager Workstation: “Considerations for Installing iManager Workstation on Linux Clients”
on page 13.
Also see the Release Notes accompanying the release.
You can perform a standard silent install on Linux or Windows server using the default install values
or customize the installation process and then run the installation silently using the following steps:
1 Open a console window and navigate to the directory containing the iManager file you
downloaded.
2 In the command line, enter one of the following:
For Linux:
./iManagerInstallLinux.bin -i silent
For Windows:
iManagerInstall.exe -i silent
Installing iManager Server and Workstation 27
Editing the Properties File for a Customized Silent Installation
For more control over which modules are installed, you can customize the silent installation process.
1 Open the
install.properties
file, located by default in the same directory that contains
the installer executable file.
NOTE: If you previously installed the current version of iManager on a server, you can use the
installer.properties
file that setup program generated. The file, located by default in the
/var/log
directory, contains the values that you specified during the installation.
2 In the properties file, add the following parameters and values:
$PLUGIN_INSTALL MODE$
Specifies the property that controls whether plug-ins are installed. Add one of the
following values:
DISK
- (default) instructs the setup program to install the plug-ins from the local disk.
NET
- instructs the setup program to install the plug-ins from the network.
BOTH
- instructs the setup program to install the plug-ins from both disk and network.
SKIP
- does not install the plug-ins.
$PLUGIN_DIR$
Specifies an alternate path to plug-ins located on the local disk. The default path is
installer_root_directory/iManager/installs/platform path/plugin
.
The installation program installs all modules in the plug-in directory, except for
subdirectories.
$PLUGIN_INSTALL_URL$
Specifies the network URL where the installation program can download the plug-ins, by
default http://www.novell.com/products/consoles/imanager/iman_mod_desc.xml. If you
specify an alternative URL, you must verify the URL contents, and verify that the plug-in is
appropriate for your use. For more information, see “Understanding Installation for
iManager Plug-ins” on page 11.
$LAUNCH_BROWSER$
Specifies whether the installation program launches the
gettingstarted.html
file
launches once the installation process completes.
$USER_INSTALL_DIR$
Specifies the path where you want iManager to be installed.
USER_INPUT_ENABLE_IPV6
Specifies whether to enable iManager to use IPv6 addresses. By default, the installation
program sets this value to
yes
.
USER_INPUT_CERTIFICATE_TYPE
Specifies whether to use RSA or Suite B certificate based on your security requirement.
If you choose RSA, add one of the following values:
NONE
LOW
28 Installing iManager Server and Workstation
MEDIUM
HIGH
If you choose ECDSA 256, add the following value:
SUITEB 128 ONLY
For ECDSA certificates, iManager allows only Suite B ciphers.
By default, this value is set to
NONE.
3 For each plug-in module that you want to download and install, specify the module ID and
version from the
MANIFEST.MF
file, located in the
META-INF/
folder of the
.npm
(plug-in
module). For example:
$PLUGIN_MODULE_ID_1$=eDirectoryBackupAndRestore
$PLUGIN_VERSION_1$=2.7.20050517
$PLUGIN_MODULE_ID_2$=ldap
$PLUGIN_VERSION_2$=2.7.20050517
NOTE: If you do not specify any modules, the program installs the most commonly installed
modules, tagged as “selected” in the
iman_mod_desc.xml
files on the download website.
If you do not define a version for a module, the setup program installs any module that
matches the
.npm
name.
Running a Silent Installation for iManager
You can silently install iManager on a Linux or Windows server using the default values in the
install.properties
file, located by default in the same directory that contains the installer
executable file.
1 In a console window, go to the directory containing the
install.properties
file that you
downloaded.
2 On the command line, enter one of the following commands:
Linux:
./iManagerInstallLinux.bin -i silent
Windows:
iManagerInstall.exe -i silent
Installing iManager Patch
To prepare for the installation, review the prerequisites and system requirements:
iManager Server: “Considerations for Installing iManager Server on a Linux Server” on page 12.
iManager Workstation: “Considerations for Installing iManager Workstation on Linux Clients”
on page 13.
Also see the Release Notes accompanying the release.
Installing iManager Server and Workstation 29
You can perform a standard silent install on Linux or Windows server using the default install values
or customize the installation process and then run the installation silently using the following steps:
1 Open a console window and navigate to the directory containing the iManager patch file you
downloaded.
2 In the command line, enter one of the following:
For Linux:
In Silent Mode:
./patchInstall.bin -i silent
In Console Mode:
./patchInstall.bin.bin
In GUI Mode:
./patchInstall.bin -i GUI
For Windows:
In Silent Mode:
\>patchInstall.exe -i silent
In GUI Mode: On Windows, the patch installer always runs in GUI mode by default.
FORCE Installation of iManager Patch Silently
To do a FORCE installation of iManager patch, perform the following steps:
NOTE: FORCE installation of iManager patch is performed only in silent mode on both linux and
windows.
1 Uncomment
FORCE_INSTALL_MODE=true
from the
install.properties
file.
2 In the command line, enter one of the following:
For Linux:
./patchInstall.bin.bin -i silent -f path_to_properties_file
For Windows:
\>patchInstall.bin.exe -i silent -f path_to_properties_file
30 Installing iManager Server and Workstation
3
Deploying iManager Using Docker Container 31
3
Deploying iManager Using Docker
Container
This chapter explains how to deploy iManager using Docker container.
“Why Docker?” on page 31
“Planning to Deploy iManager Using Docker Container” on page 31
“Deploying iManager Container” on page 32
“Post-Installation Tasks” on page 36
“Managing iManager Data Storage” on page 37
“Upgrading iManager Using Docker Container” on page 38
IMPORTANT: We are shipping a preview version of Docker Container-based deployment with
iManager 3.2 for customers to use and provide feedback. Customers wishing to deploy in production
will be supported only with a Professional Services engagement.
Why Docker?
Docker is the most common application containerization technology. It is a platform designed to
make it easier to create, deploy, and run applications by using containers. Containers encapsulate an
application with its own operating system and all other dependencies, such as libraries and
packages. Deploying iManager using Docker containers has the following advantages:
High Portability: Any application running in containers can be deployed easily to any Docker
supported operating systems and hardware platforms.
Easy to Deploy: Containers allow applications to be more rapidly deployed, upgraded or even
scaled through Orchestration tools.
Consistency: There will be no impact on the functionality of eDirectory regardless of where the
containers are deployed.
For more information on Docker and its components, see, Docker Overview.
Planning to Deploy iManager Using Docker Container
This chapter explains the system requirements and prerequisites for deploying iManager as Docker
Container.
32 Deploying iManager Using Docker Container
System Requirements
Platform Requirements
Docker Community Edition version 18.06 and above is sufficient for deploying eDirectory
Docker container.
overlay2
is the recommended Docker storage driver. BTRFS is not a supported file system of
the host on which Docker can be installed.
Linux kernel version 3.10 or higher.
Hardware Requirements
A minimum of 4 GB RAM and 30 GB Hard disk space is to be provisioned on the Docker Host
machine.
NOTE: Memory, CPU and Hard Disk requirements will vary depending on the type of deployment
and the number of containers to be deployed. Always provision more resources than the current
requirement to handle any possible scale up in future.
Prerequisites
Docker should be installed. For more information on supported platforms, see Docker
Documentation.
Docker daemon should be up and running.
iManager Docker image tarball should be downloaded from NetIQ download website.
Docker CLI
The explanation of various commands used in the Docker CLI is found here.
Deploying iManager Container
The OS base image of the iManager Docker image is openSUSE Leap 15.2. iManager image archive
file should be downloaded to the Docker Host machine. After downloading the archive file, it has to
be extracted and then the image has to be loaded into the local Docker registry by using the
following commands to install standalone iManager container:
# tar -xvf iManager_326_Container.tar.gz
# docker load --input iManager_326/iManager_326.tar.gz
The above command will load a Docker image named
imanager:3.2.6
.
NOTE: To enable iManager container deployment along with Identity Manager, the iManager image
is bundled along with other Identity Manager images into a single
.tar.gz
file. For more
information on iManager container deployment with Identity Manager, see Deploying iManager
Container in the NetIQ Identity Manager 4.8.5: Installation and Upgrade Guide.
Deploying iManager Using Docker Container 33
Before deploying iManager, you must consider the following recommendations:
Docker containers do not have any resource constraints by default. This provides every
container with the access to all the CPU and memory resources provided by the host’s kernel.
You must also ensure that one running container should not consume more resources and
starve other running containers by setting limits to the amount of resources that can be used by
a container.
Docker container should ensure that a Hard Limit is applied for the memory used by the
container using the
--memory
flag on Docker run command.
Docker container should ensure that a limit is applied to the amount of CPU used by a
running container using the --
cpuset-cpus
flag on the Docker run command.
--pids-limit
should be set to 300 to restrict the number of kernel threads spawned
inside the container at any given time. This is to prevent DoS attacks.
You must set the container restart policy to
on-failure
with number of retries as 5 using the
--restart
flag on Docker run command. Containers will have to be manually restarted if the
Docker daemon on the host machine gets restarted.
You must only use the iManager container once the health status shows as healthy after the
container comes up. To check the container’s health status, run the following command:
docker ps --filter status="running"
Docker containers usually have a default list of Linux capabilities enabled. You must ensure to
keep only the following capabilities enabled for iManager container and drop the others:
AUDIT_WRITE
CHOWN
DAC_OVERRIDE
SETGID
SETUID
FOWNER
SYS_PTRACE (Only if using utilities that make use of Linux
ptrace
. Such as
gdb
)
For more information on how to add and drop capabilities, see Runtime privilege and Linux
capabilities.
iManager container will always start as non-root user (
novlwww
). As an additional security
measure, enable user namespace remapping on the daemon to prevent privilege-escalation
attacks from within the container. For more information on user namespace remapping, see
Isolate containers with a user namespace.
Configuring iManager Using Environment File
The
iManager.env
file is found at
/etc/opt/novell/iManager/conf
inside the iManager
container. A sample configuration file with default values for the parameters is shown below:
34 Deploying iManager Using Docker Container
# Certificate Public Key Algorithm
# Allowed Values: RSA, ECDSA256, ECDSA384
CERTIFICATE_ALGORITHM=RSA
# Cipher Suite
# Allowed Values:
# For RSA - NONE, LOW, MEDIUM HIGH
# For ECDSA256 - SUITEB128ONLY
# For ECDSA384 - SUITEB128, SUITEB192
CIPHER_SUITE=NONE
# Tomcat Server HTTP Port
TOMCAT_HTTP_PORT=8080
# Tomcat Server SSL Port
TOMCAT_SSL_PORT=8443
# iManager Authorized User (admin_name.container_name.tree_name)
AUTHORIZED_USER=
To start an iManager container with non-default values for any of the above parameters, you should
create the
iManager.env
file in the Docker host file-system and bind mount it to the path
/etc/
opt/novell/iManager/conf
inside the iManager container using
--volume
option. For
example,
docker run --name=iMan320 --volume /path/to/iManager.env:/etc/opt/novell/
iManager/conf/iManager.env imanager:3.2.0
Parameters can be modified after the container is started by editing the
/path/to/iManager.env
file and restart the container. To change the configuration of a running container, perform the
following steps:
Modify the /path/to/iManager.env file.
Restart the container using
docker restart iMan320
Installing the iManager Plug-Ins During Container Startup
To install plug-ins from a local directory on the Host machine during Container startup, you must
mount the directory path that contains the appropriate plug-in (.npm) files to the
/var/opt/
novell/iManager/nps/packages/
location on the iManager container using
-v
option in the
docker run command.
docker run --name=iMan322 --volume /path/to/iManager.env:/etc/opt/novell/
iManager/conf/iManager.env -v /path/to/plugins:/var/opt/novell/iManager/
nps/packages imanager:3.2.2
The plug-ins which are available in the directory path, get installed automatically during the
container bring up and can be viewed under the
Installed NetIQ Plug-in Modules in iManager.
NOTE: The Container must be restarted after it comes up.
New plug-ins can be added to the available iManager plug-ins list after the container comes up,
using the same bind mount. New plug-ins need to be copied to the same local directory on the
Host machine mounted to
/var/opt/novell/iManager/nps/packages/
location on the
iManager container. A container restart has to be performed afterwards to get the new plug-ins
listed.
Deploying iManager Using Docker Container 35
iManager Docker container supports Host and Overlay network drivers for deployment in a multi-
host Docker environment:
“Deploying iManager Container in Host Network” on page 35
“Deploying iManager Container in User Defined Overlay Network” on page 35
Deploying iManager Container in Host Network
iManager containers can be configured using the Host network driver to access eDirectory servers
that are deployed on the network. For information on Docker networks, see Configure Networking.
The following example shows how to configure iManager container using the Host network driver:
docker run -it --name=iMan320 --net=host --restart on-failure:5 --
memory="1000M" --cpuset-cpus="2" --volume iManager-volume:/config --volume
/path/to/iManager.env:/etc/opt/novell/iManager/conf/iManager.env
imanager:3.2.0
NOTE:
--net=host
flag is used to deploy the container using the Host network driver.
iManager-volume
should be created before deploying iManager in the Host network. For
more information, see “Managing iManager Data Storage” on page 37.
Figure 3-1 Deploying iManager Container in Host Network
Deploying iManager Container in User Defined Overlay Network
A User Defined Overlay network can be used to create a distributed network of eDirectory
containers running on multiple Docker daemon hosts. An iManager container that is deployed in this
overlay network can be used to manage all of these eDirectory servers. User defined overlay
36 Deploying iManager Using Docker Container
network can be deployed in both Linux and Windows. Ensure that the iManager Docker host is a part
of the same Docker Swarm as the eDirectory Docker hosts. For more information on how to deploy
containers in Overlay network, see Use Overlay Networks.
Before deploying iManager container in a user defined Overlay network, you must consider the
following recommendations:
eDirectory containers and the iManager container must be deployed within the same Overlay
network.
You must publish the container ports when the ports are accessed from outside the Docker
Overlay network. Docker publishes the container ports on 0.0.0.0 by default which is the wild
card IP address. This will match any possible incoming port on the host machine. Docker
containers should be made to publish ports on a particular interface of the Host machine by
using the following Docker run option:
--publish <Host_IP Address>:host_port:container_port
The following example shows how to configure iManager container in user defined overlay network:
docker run -it --name=iManager320 --net=eDir-overlay-nw --restart on-
failure:5 --memory="1000M" --cpuset-cpus="2" --volume iManager-volume:/
config --volume /path/to/iManager.env:/etc/opt/novell/iManager/conf/
iManager.env --publish 443:8443 imanager:3.2.0
NOTE:
eDir-overlay-nw
is the name of the Overlay network in Docker swarm inside which
eDirectory containers are deployed. For more information on how to configure an Overlay network
in Docker swarm, see Use Overlay Networks.
Figure 3-2 Deploying iManager Container in User Defined Overlay Network
Post-Installation Tasks
Perform the following tasks after deploying the iManager container:
Deploying iManager Using Docker Container 37
Installing iManager Plug-Ins
To install the Plug-ins, perform the following steps:
1 Login to iManager.
2 Go to Configure > Plug-in Installation.
3 Add the Plug-ins from the local file system if the required plug-ins cannot be downloaded from
the external download site. Alternatively, you can add plugins to the available iManager plug-
ins list using bind mount. For more information, see “Installing the iManager Plug-Ins During
Container Startup” on page 34.
4 Install the required plug-ins from the available iManager plug-ins list.
5 Restart the iManager container using
docker restart iMan320
NOTE: Restarting iManager will restart Tomcat and populate the plug-ins inside
iManager-
volume
.
Replacing the Temporary Self-Signed Certificates
After deploying the iManager container, you must replace the temporary self-signed certificates for
iManager. For more information, see “Replacing the Temporary Self-Signed Certificates for
iManager” on page 39.
Managing iManager Data Storage
Docker Volume is the preferred mechanism for persistently storing iManager data and configuration.
For more information on persistent storage, see Manage data in Docker.
iManager application data that requires persistent storage will be placed under the
/config
directory in the container during startup. A Docker volume has to be mounted to the
/config
path
in the iManager container to persistently store the data on the Docker host file system outside the
container. Even if a container is stopped or removed for administrative purposes, application data
inside the volume is retained.
This practice is useful for retaining old configuration and data during an upgrade of iManager
container. For information on upgrading iManager container, see “Upgrading iManager Using Docker
Container” on page 38.
The following example shows how to create a Docker volume called
iManager-volume
:
docker volume create iManager-volume
The following command shows how to start an iManager container with a volume attached to it for
storage purpose:
docker run -it --name=iMan320 --net=host --restart on-failure:5 --
memory="1000M" --cpuset-cpus="2" --volume iManager-volume:/config --volume
/path/to/iManager.env:/etc/opt/novell/iManager/conf/iManager.env
imanager:3.2.0
In the above command,
iManager-volume
is the Docker volume that is created and mounted to
/
config
location in the iManager container.
38 Deploying iManager Using Docker Container
NOTE: After the iManager container is configured, you must restart the container using
docker
restart iMan320
command before using iManager.
The packages directory under
/config
will preserve the
npm
files for plug-ins. While upgrading the
container, if the older volume is attached to the container, it will re-install the older plug-ins from the
volume.
Upgrading iManager Using Docker Container
When a new version of iManager image (for example
imanager:3.2.1
) is available, the
administrator can perform an upgrade procedure to deploy container with the latest version of
iManager. Ensure to store all necessary application related data persistently in Docker volumes
before performing an upgrade. Perform the following steps to upgrade iManager using Docker
container:
1 Stop and remove the running iManager container. Since the running containers cannot use the
new image, they should be stopped and removed before performing an upgrade.
2 Start a new container using the new iManager image and the application data of the old
container stored in Docker Volumes:
The following example shows how to start an iManager container with the Volume of the old
container:
docker run -it --name=iMan321 --net=host --restart on-failure:5 --
memory="1000M" --cpuset-cpus="2" --volume iManager-volume:/config --
volume /path/to/iManager.env:/etc/opt/novell/iManager/conf/iManager.env
imanager:3.2.1
NOTE: You must use the
iManager.env
file in the Docker run command to retain the configuration
of the old iManager container.
4
Post-Installation Tasks for iManager 39
4
Post-Installation Tasks for iManager
After you install iManager, you can modify the configuration settings, such as enabling IPv6
addressing or changing the authorized user for an eDirectory tree. Also, NetIQ recommends that you
replace the self-signed certificates that the installation process created.
“Replacing the Temporary Self-Signed Certificates for iManager” on page 39
“Configuring iManager for IPv6 Addresses after Installation” on page 42
“Specifying an Authorized User for eDirectory” on page 43
Replacing the Temporary Self-Signed Certificates for
iManager
Standalone iManager installations include a temporary, self-signed certificate for use by Tomcat. It
has an expiration date of one year. NetIQ provides this certificate to help you get your system up and
running so you can securely use iManager immediately after you install the product. NetIQ and
OpenSSL do not recommend using self-signed certificates except for testing purposes. Instead, you
should replace the temporary certificate with a secure one.
Tomcat stores the self-signed certificate in a keystore that uses Tomcat (PKCS12) format file.
Normally, you would import a private key to replace the certificate. However, the
keytool
that you
use to modify the Tomcat keystore cannot import a private key. The tool only uses a self-generated
key.
This section explains how to generate a public/private key pair in eDirectory using NetIQ Certificate
Server and to replace the temporary certificate. If you are using eDirectory, you can use NetIQ
Certificate Server to securely generate, track, store, and revoke certificates with no further
investment.
Replacing the iManager Self-Signed Certificates on Linux
This section describes how to create a keypair in eDirectory and export the Public, Private, and Root
Certificate Authority (CA) keys with a
PKCS#12
file on the Linux platform. This includes modifying
Tomcat's
server.xml
configuration file to use the PKCS12 directive and point the configuration to
an actual P12 file rather than use the default PKCS12 keystore.
This process uses the following files:
/var/opt/novell/novlwww/.p12
, which holds the temporary keypair
/opt/novell/jdk1.8.0_222/jre/lib/security/cacerts
, which holds the trusted root
certificates
/etc/opt/novell/tomcat9/server.xml
, which is used for configuring Tomcat's use of
certificates
40 Post-Installation Tasks for iManager
To replace the self-signed certificates on Linux:
1 To create a new certificate, complete the following steps:
1a Log in to iManager.
1b Click NetIQ Certificate Server > Create Server Certificate.
1c Select the appropriate server.
1d Specify a nickname for the server.
1e Accept the rest of the certificate defaults.
2 To export the server certificate to the Tomcat home directory, complete the following steps:
2a In iManager, select Directory Administration > Modify Object.
2b Browse to and select the Key Material Object (KMO) object.
2c Click Certificates > Export.
2d Specify a password.
2e Save the server certificate as a PKCS#12 (
.pfx
) in the
/var/opt/novell/novlwww
directory.
3 To conver t the
.pfx
file to a
.pem
file, complete the following steps:
3a Enter a command, such as
openssl pkcs12 -in newtomcert.pfx -out
newtomcert.pem
.
3b Specify the same password for the certificate that you specified in Step 2.
3c Specify a password for the new
.pem
file.
You can use the same password, if desired.
4 To conver t the
.pem
file to a
.p12
file, complete the following steps:
4a Enter a command, such as
openssl pkcs12 -export -in newtomcert.pem -out
newtomcert.p12 -name "New Tomcat"
.
4b Specify the same password for the certificate that you specified in Step 3.
4c Specify a password for the new
.p12
file.
You can use the same password, if desired.
5 To stop Tomcat, enter the following command:
/usr/sbin/rcnovell-tomcat9 stop
6 To ensure that Tomcat uses the newly created
.p12
certificate file, add
keystoreType
,
keystoreFile
, and
keystorePass
variables to the Tomcat configuration file, by default
/
etc/opt/novell/tomcat9/server.xml
. For example:
<Connector className="org.apache.coyote.tomcat9.CoyoteConnector"
port="8443" minProcessors="5" maxProcessors="75" enableLookups="true"
acceptCount="100" debug="0" scheme="https" secure="true"
useURIValidationHack="false" disableUploadTimeout="true">
<Factory
className="org.apache.coyote.tomcat9.CoyoteServerSocketFactory"
clientAuth="false" protocol="TLS" keystoreType="PKCS12"
keystoreFile="/var/opt/novell/novlwww/newtomcert.p12"
keystorePass="<password>" />
</Connector>
Post-Installation Tasks for iManager 41
NOTE: When setting the keystore type to PKCS12, you must specify the entire path to the
certificate file, as Tomcat will no longer default to using the Tomcat home path.
7 To ensure that the
.p12
certificate file functions appropriately, complete the following steps:
7a Change the file’s ownership to the appropriate Tomcat user/group, by default
novlwww
.
For example,
chown novlwww:novlwww newtomcert.p12
.
7b Change the file permissions to
user=rw
,
group=rw
, and
others=r
. For example,
chmod
654 newtomcert.p12
.
8 To start Tomcat, enter the following command:
/usr/sbin/rcnovell-tomcat9 start
Replacing the iManager Self-Signed Certificates on Windows
This section describes how to create a keypair in eDirectory and export the Public, Private, and Root
Certificate Authority (CA) keys with a
PKCS#12
file on the Windows platform. This includes
modifying Tomcat's
server.xml
configuration file to use the PKCS12 directive and point the
configuration to an actual P12 file rather than use the default PKCS12 keystore.
This process uses the following files:
C:\Program Files\Novell\Tomcat\conf\ssl\.p12
, which holds the temporary keypair
C:\Program Files\Novell\jre\lib\security\cacerts
, which holds the trusted root
certificates
C:\Program Files\Novell\Tomcat\conf\server.xml
, which is used for configuring
Tomcat's use of certificates
To replace the self-signed certificates on Windows:
1 To create a new certificate, complete the following steps:
1a Log in to iManager.
1b Click NetIQ Certificate Server > Create Server Certificate.
1c Select the appropriate server.
1d Specify a nickname for the server.
1e Accept the rest of the certificate defaults.
2 To export the server certificate, complete the following steps:
2a In iManager, select Directory Administration > Modify Object.
2b Browse to and select the Key Material Object (KMO) object.
2c Click Certificates > Export.
2d Specify a password.
2e Save the server certificate as a PKCS#12 (
.pfx
).
42 Post-Installation Tasks for iManager
3 To conver t the
.pfx
file to a
.pem
file, complete the following steps:
NOTE: OpenSSL is not installed on Windows by default. However, you can download a version
for the Windows platform from OpenSSL website. Alternatively, you can convert the certificate
on a Linux platform, on which OpenSSL is installed by default. For more information about using
Linux to convert the file, see “Replacing the Temporary Self-Signed Certificates for iManager”
on page 39.
3a Enter a command, such as
openssl pkcs12 -in newtomcert.pfx -out
newtomcert.pem
.
3b Specify the same password for the certificate that you specified in Step 2.
3c Specify a password for the new
.pem
file.
You can use the same password, if desired.
4 To conver t the
.pem
file to a
.p12
file, complete the following steps:
4a Enter a command, such as
openssl pkcs12 -export -in newtomcert.pem -out
newtomcert.p12 -name "New Tomcat"
.
4b Specify the same password for the certificate that you specified in Step 3.
4c Specify a password for the new
.p12
file.
You can use the same password, if desired.
5 Copy the
.p12
file to the Tomcat certificate location, by default
C:\Program
Files\Novell\Tomcat\conf\ssl\
.
6 To stop the Tomcat Service, enter the following command:
net stop tomcat9
7 To ensure that Tomcat uses the newly created
.p12
certificate file, add
keystoreType
,
keystoreFile
, and
keystorePass
variables to the Tomcat
server.xml
file. For example:
<Connector className="org.apache.coyote.tomcat9.CoyoteConnector"
port="8443" minProcessors="5" maxProcessors="75" enableLookups="true"
acceptCount="100" debug="0" scheme="https" secure="true"
useURIValidationHack="false" disableUploadTimeout="true">
<Factory
className="org.apache.coyote.tomcat9.CoyoteServerSocketFactory"
clientAuth="false" protocol="TLS" keystoreType="PKCS12"
keystoreFile="/conf/ssl/newtomcert.p12" keystorePass="<password>" />
When setting the keystore type to
PKCS12
, you must specify the entire path to the certificate
file, as Tomcat will no longer default to using the Tomcat home path.
8 Start the Tomcat service by entering the following command:
net start tomcat9
Configuring iManager for IPv6 Addresses after Installation
After installing iManager, you can enable iManager to use IPv6 addresses.
1. Open the
catalina.properties
file in the installation directory, located by default in the
following directories:
Post-Installation Tasks for iManager 43
Linux:
/var/opt/novell/tomcat9/conf/
directory
Windows:
installation_directory\Tomcat\conf
folder
2. Set the following configuration entries in the properties file:
java.net.preferIPv4Stack=false
java.net.preferIPv4Addresses=true
3. Restart Tomcat.
Specifying an Authorized User for eDirectory
After installing iManager, you can modify the credentials for the authorized user and the appropriate
eDirectory tree name that this user manages. For more information, see “iManager Authorized
Users and Groups” in the NetIQ iManager Administration Guide.
1 Log in to iManager.
2 In the Configure view, select iManager Server > Configure iManager > Security.
3 Update the user credentials and tree name.
44 Post-Installation Tasks for iManager
5
Upgrading iManager 45
5
Upgrading iManager
Upgrading NetIQ iManager to 3.2 depends on the currently installed iManager version on the server.
This section explains the following procedures:
“Upgrade Scenarios” on page 45
“Authorized Users” on page 50
“Updating Role Based Services” on page 50
“Re-Installing or Migrating Plug-in Studio Plug-ins” on page 51
Upgrade Scenarios
The following sections describe various upgrade scenarios of iManager:
“Upgrading to iManager 3.2 on Linux” on page 45
“Upgrading to iManager 3.2 on Windows” on page 47
“Silent Upgrade of iManager” on page 49
“Upgrading iManager Plug-In Modules” on page 50
Upgrading to iManager 3.2 on Linux
If the iManager installation detects a previously installed version of iManager 2.7.7.x, it prompts you
to upgrade the installed version. If you choose to upgrade it, the installer replaces the existing JRE
and Tomcat versions with the latest versions. This will also upgrade the iManager to the latest
version.
To prepare for the installation, review the checklist of prerequisites provided in “Prerequisites and
Considerations for Installing iManager” on page 11 and “Considerations for Installing iManager
Server on a Linux Server” on page 12.
When you install iManager, the process lays down the following products on your server:
Tomcat 9.0.55-1
Azul ZuluOpenJDK 1.8.0_312 (64-bit)
1 (Conditional) If you have modified the
server.xml
and
context.xml
configuration files,
make a backup copy of the files in a different location before performing the upgrade. The
upgrade process replaces the configuration files.
2 At the NetIQ Downloads Web site (http://dl.netiq.com), search for iManager products, select
iManager 3.2, then download
iMan_320_linux.tgz
to a directory on your server.
3 To extract to the iManager folder, use the following command:
tar -zxvf iMan_320_linux.tgz
46 Upgrading iManager
4 Open a shell and change to the
/extracted_directory/iManager/installs/linux
directory.
This path is relative to the directory where you copied or extracted the iManager files.
5 Enter one of the following commands while logged in as root or root equivalent user:
To do a command-line (text) installation, enter:
./iManagerInstallLinux.bin
To do a GUI install, enter:
./iManagerInstallLinux.bin -i gui
After a successful installation, the installer generates a configuration file (
/var/log/
installer.properties
) if eDirectory is installed along with iManager. In case of stand alone
iManager installation, the
installer.properties
file is stored in the extracted path, ie.
/
iManager/installs/linux
. This file can then be modified and used for a silent installation.
See “Installing iManager Silently” on page 26.
6 On the iManager splash screen, select a language, then click OK.
7 At the Upgrade prompt, select Upgrade.
8 Read through the Introduction, then click Next.
9 Accept the license agreement, then click Next.
NOTE: By default, the HTTP port and SSL port values that were configured in the previous
version of iManager will be used to configure the latest version of iManager.
10 On the Enable IPV6 window, click Yes to enable IPv6, then click Next.
Alternatively, you can enable IPv6 after installing iManager using the following steps:
1. Open
<USER_INSTALL_DIR>\Tomcat\conf\catalina.properties
file.
2. Set the following configuration entries in the
catalina.properties
file:
java.net.preferIPv4Stack=false
java.net.preferIPv4Addresses=true
3. Restart Tomcat.
11 Specify the certificate public key algorithm that you want the TLS certificate to use, then click
Next.
The options are:
RSA: The certificate uses a 2048-bit RSA key pair.
ECDSA 256: The certificate uses a ECDSA key pair with curve secp256r1.
By default,
RSA is selected.
12 Based on the certificate selected in Step 15, iManager allows you to configure the following
cipher levels for TLS communication.
RSA: This certificate allows four cipher levels.
NONE: Allows any type of cipher.
LOW: Allows a 56-bit or a 64-bit cipher.
MEDIUM: Allows a 128-bit cipher.
HIGH: Allows ciphers that are greater than 128-bit.
Upgrading iManager 47
ECDSA 256: This certificate allows only one cipher level.
SUITEB 128 ONLY: Allows a 128-bit cipher.
For ECDSA certificates, iManager allows only Suite B ciphers.
By default, the cipher level is set to
NONE. The selected cipher level is activated after Tomcat
server is restarted.
13 Click Next.
14 Read the Pre-Upgrade Summary page and click Next.
During upgrade, new iManager files are installed and they cause configuration changes.
Upgrade can take several minutes. After the upgrade completes, the Upgrade Complete page
displays the success or failure status of the installation.
15 Click Done to quit the installer.
When the Getting Started page appears, wait for iManager to initialize before attempting
access.
To access iManager, click the first link on the Getting Started page, then log in. For more
information, see “Accessing iManager” in the NetIQ iManager Administration Guide.
16 (Conditional) If you made backup copies of the
server.xml
and
context.xml
configuration
files prior to starting the upgrade process, replace the new configuration files with the backup
copies.
Upgrading to iManager 3.2 on Windows
If the iManager 3.2 installation detects a previously installed version of iManager 2.7.x, it prompts
you to upgrade the installed version. If you choose to upgrade it, the installer replaces the existing
JRE and Tomcat versions with the latest versions. This will also upgrade iManager to the latest
version.
For information about running iManager Server on the same machine as eDirectory, see “Running
eDirectory and iManager on the Same Computer (Windows only)” in the NetIQ iManager
Administration Guide.
1 (Conditional) If you have modified the
server.xml
and
context.xml
configuration files,
make a backup copy of the files in a different location before performing the upgrade. The
upgrade process replaces the configuration. files.
2 Extract the
iMan_320_win.zip
file into the iManager folder.
3 Run the
iManagerInstall.exe
file from the
extracted_directory\iManager\installs\win
folder.
4 On the iManager splash screen, select a language, then click OK.
5 On the introduction page, then click Next.
6 Accept the license agreement, then click Next.
7 At the Upgrade prompt, select Upgrade.
NOTE: By default, the HTTP port and SSL port values that were configured in the previous
version will be used to configure the latest version of iManager.
8 Read the Detection Summary page, then click Next.
48 Upgrading iManager
The Detection Summary displays the latest version of Servlet container and JVM software that
iManager will use once it is installed.
9 Specify the certificate public key algorithm that you want the TLS certificate to use, then click
Next.
You can select one of the following options:
RSA: The certificate uses a 2048-bit RSA key pair.
ECDSA 256: The certificate uses a ECDSA key pair with curve secp256r1.
The default option is
RSA.
10 Based on the certificate you choose in Step15, iManager allows you to configure the following
cipher levels for TLS communication.
RSA: This certificate allows four cipher levels.
NONE: Allows any type of cipher.
LOW: Allows a 56-bit or a 64-bit cipher.
MEDIUM: Allows a 128-bit cipher.
HIGH: Allows ciphers that are greater than 128-bit.
ECDSA 256: This certificate allows one cipher level.
SUITEB 128 ONLY: Allows a 128-bit cipher.
For ECDSA certificates, iManager allows only Suite B ciphers.
By default, the cipher level is set to
NONE. The selected cipher level is activated after Tomcat
server is restarted.
11 On the Enable IPV6 window, click Yes to enable IPv6, then click Next.
Alternatively, you can enable IPv6 after installing iManager using the following steps:
1. Open
<USER_INSTALL_DIR>\Tomcat\conf\catalina.properties
file.
2. Set the following configuration entries in the
catalina.properties
file:
java.net.preferIPv4Stack=false
java.net.preferIPv4Addresses=true
3. Restart Tomcat.
12 Read the Pre-installation summary page, then click Install.
The upgrade process can take several minutes.
After the upgrade completes, the Upgrade Complete page displays the success or failure status
of the installation.
NOTE: On Windows, the Install Complete page displays the following error message in spite of a
successful installation.
The installation of iManager Install 3.2 is complete, but some errors
occurred during the install.
Please see the installation log <Log file path> for details. Press
"Done" to quit the installer.
Upgrading iManager 49
If the specified error message is displayed, do the following:
1. Make note of the log file path that is specified within the error message in the Install
Complete page.
2. In the Install Complete page, click
Done.
3. Open the log file.
4. If you find the following error in the log file, you can ignore the error message. The
installation was successful, and iManager properly functions.
Custom Action: com.novell.application.iManager.install.InstallDLLs
Status: ERROR
Additional Notes: ERROR - class
com.novell.application.iManager.install.InstallDLLs
NonfatalInstallException C:\WINDOWS\system32\msvcr71.dll (The
process cannot access the file because it is being used by another
process)
13 Click Done to quit the installer.
A browser window appears which displays the Getting Started page.
Wait for iManager to initialize before attempting access.
To access iManager, click the first link on the Getting Started page, then log in. For more
information, see “Accessing iManager” in the NetIQ iManager Administration Guide.
14 (Conditional) If you made backup copies of the
server.xml
and
context.xml
configuration
files prior to starting the upgrade process, replace the new configuration files with the backup
copies.
Silent Upgrade of iManager
A silent (non-interactive) upgrade does not display a user interface or ask the user any questions.
Instead, InstallAnywhere uses information from a properties file for this purpose.
To perform a standard silent install on Linux server and Windows Server, use the default install
values.
1 Open a console window and browse to the directory that contains the iManager file you
downloaded.
2 On the command line, run the following command:
For Linux:
./iManagerInstallLinux.bin -i silent
For Windows:
iManagerInstall.exe -i silent
50 Upgrading iManager
Upgrading iManager Plug-In Modules
The following is a generic scenario to upgrade the iManager plug-in modules.
Perform the following steps to upgrade iManager:
1 Log in to iManager.
2 Click Configure > Plug-in Installation > Available NetIQ Plug-in Modules. The Available NetIQ Plug-
in Modules page is displayed. The user can select any of the available plug-ins from the list or
install their custom NPM file.
3 If you want to install one of the available plug-in modules, select the respective plug-in from the
list and click
Install. After clicking the install button, follow the instructions mentioned in Step 7.
4 If you want to install any custom plug-ins, click Add on the NetIQ Plug-in Modules page.
5 Browse to select the NPM file of the plug-in on your file system, click OK.
6 You custom plug-in module will now be listed under the Available NetIQ Plug-in Modules list.
Select the plug-in from the list and click
Install.
7 If iManager displays the License Agreement page, read the License Agreement, select I Agree
8
Click OK. The progress indicator is displayed. If you want to stop the installation, click Stop.
9 After the installation is completed, click Close. The following successful message is displayed.
Success: The plug-in module has been successfully installed.
You must now restart Tomcat in order for the changes to take effect.
After Tomcat restarts, if Role Based Services is installed you will need
to configure the newly installed modules.
IMPORTANT: While upgrading iManager, plug-ins do not get upgraded automatically. You must
install the latest plug-ins from the list of available plug-ins.
10 Open a command-line interface and enter the following commands to restart Tomcat:
/usr/sbin/rcnovell-tomcat9 stop
/usr/sbin/rcnovell-tomcat9 start
Authorized Users
When upgrading iManager you will not see the Authorized User screen during the upgrade process if
an existing
configiman.properties
file is detected. The upgrade will use the existing Authorized
User settings from that file.
Updating Role Based Services
The first time you use iManager to log in to an eDirectory tree that already contains an RBS
collection, it is possible that not all of the roles and tasks are displayed. This is working as expected
because some of the plug-ins require updates so that iManager can fully utilize them. The RBS
Upgrading iManager 51
Configuration task lists which RBS modules are out-of-date. We recommend that you update your
RBS modules to the latest version so that you can see and use all of the available functionality in
iManager.
Be aware that you might have multiple roles with the same name. When plug-ins were updated for
iManager 3.2, some plug-in developers changed task IDs or module names but retained the same
display names, thus causing the roles to appear to be duplicated when, in fact, one instance is from
one version and the other is from a newer version.
NOTE: Because different installations of iManager might have a different number of plug-ins locally
installed, you might see discrepancies in the module report for any given collection from the
Role
Based Services > RBS Configuration page. In order for the numbers to match between iManager
installations, make sure that the same subset of plug-ins is installed on each iManager instance in
the tree.
To check whether you have outdated RBS objects:
1 From the Configure view, select Role Based Services > RBS Configuration.
The table on the 2.x Collections tabbed page displays any out-of-date modules.
2 To update them, select the number in the Out-Of-Date column for the Collection you want to
update.
The list of outdated modules is displayed.
3 Select the module you want to update, then click Update at the top of the table.
NOTE: When updating to iManager, or re-installing the product, existing plug-ins are not updated
automatically. To update plug-ins manually, launch iManager and browse to
Configure > Plug-in
Installation > Available Novell Plug-in Modules. For more information, see “Plug-In Module
Installation” in the NetIQ iManager Administration Guide.
Re-Installing or Migrating Plug-in Studio Plug-ins
To migrate or replicate Plug-in Studio plug-ins to another iManager instance, or a new or updated
version of iManager, do the following:
1 From the iManager Configure view, select Role Based Services > Plug-in Studio. The Content
frame displays the Installed Custom Plug-ins list, including the location of the RBS collection to
which the plug-ins belong.
2 Select the plug-in you want to re-install or migrate, then click Edit. You can only edit one plug-in
at a time.
3 Click Install. You should receive a message saying it was successful. Do this for every plug-in you
need to re-install or migrate.
52 Upgrading iManager
6
Uninstalling iManager 53
6
Uninstalling iManager
This section explains how to uninstall iManager on the following platforms:
“Linux” on page 53
“Windows” on page 54
“iManager Workstation” on page 54
IMPORTANT: As a precaution, before uninstalling iManager, back up any custom content or other
special iManager files that you want to preserve.
There is no specific sequence in which iManager or the associated third-party components must be
uninstalled.
There are, of course, ramifications to uninstalling any of these components. For example, if you
uninstall either the Web server or the servlet container, you cannot run iManager. Also, on all
platforms, the uninstall removes only files that it installed in the first place. If there are files that
were created by the application (for example, the log files and auto-generated configuration files
that are created while Tomcat runs), these are not deleted by the uninstall because it did not install
them.
Likewise, if you have created new files or modified existing files within the directory structure that
was originally laid down during the install, these files are not removed by the uninstall. This is a
safeguard so that data is not unintentionally deleted when a product is uninstalled.
Uninstalling iManager does not affect any of the RBS configurations that you have set in your tree.
The uninstall procedure does not remove log files or custom content.
If you try reinstalling iManager when these directories are not cleaned, the installation does not
successfully complete and the installer throws some errors.
Linux
Root access is required for uninstalling.
1 Open a shell and execute the following command:
/var/opt/novell/Uninstaller/Uninstaller.sh
NOTE: Executing the above command will also remove the following directories along with the
JDK
file:
/var/opt/novell/iManager
/var/opt/novell/novlwww
/etc/opt/novell/iManager/
/opt/novell/iManager/
/var/opt/novell/tomcat8/
54 Uninstalling iManager
/etc/opt/novell/tomcat8/
/etc/novell/iManager/
As noted during the uninstall routine, the iManager uninstall process does not uninstall NICI. You can
uninstall NICI separately, if desired. Once the standalone iManager is uninstalled completely, you can
see the
NetIQ_iManager_3.2.0.0_UninstallLog.log
in the
/var/log/
path.
IMPORTANT: If eDirectory is installed on the same server as iManager, NICI is required to continue
to run eDirectory.
Windows
Uninstall iManager using Windows Add or Remove Programs applet in the Control Panel.
Tomcat and NICI are listed separately. If you are no longer using them, you can uninstall each
program separately.
IMPORTANT: If eDirectory is installed on the same server as iManager, NICI is required to continue
to run eDirectory.
When you remove iManager, only some files in the file system are removed. You are asked if you
want to remove all iManager files. If you select Yes, all iManager files are removed, including all
custom content. However, the RBS objects are not removed from the eDirectory tree, and the
schema remains in the same state.
iManager Workstation
To uninstall iManager Workstation, delete the directory where you extracted the files. You can
remove NICI through Add or Remove Programs in the Control Panel on Windows or with the
rpm
command on Linux.
