Upload
others
View
9
Download
0
Embed Size (px)
Citation preview
Tivoli® Tivoli
Provisioning
Manager
Installation
Guide
for
Windows
Version
2.1
GC32-1614-00
���
Tivoli® Tivoli
Provisioning
Manager
Installation
Guide
for
Windows
Version
2.1
GC32-1614-00
���
Note:
Before
using
this
information
and
the
product
it
supports,
be
sure
to
read
the
general
information
under
“Notices”
on
page
123.
First
Edition,
June
2004
This
edition
applies
to
Version
2.1
of
Tivoli
Provisioning
Manager
(product
number
5724-I14)
and
to
all
subsequent
releases
and
modifications
until
otherwise
indicated
in
new
editions.
©
Copyright
IBM®
Corporation
2003,
2004.
All
rights
reserved.
May
only
be
used
pursuant
to
a
Tivoli®
Systems
Software
License
Agreement,
an
IBM
Software
License
Agreement,
or
Addendum
for
Tivoli
Products
to
IBM
Customer
or
License
Agreement.
No
part
of
this
publication
may
be
reproduced,
transmitted,
transcribed,
stored
in
a
retrieval
system,
or
translated
into
any
computer
language,
in
any
form
or
by
any
means,
electronic,
mechanical,
magnetic,
optical,
chemical,
manual,
or
otherwise,
without
prior
written
permission
of
IBM
Corporation.
IBM
Corporation
grants
you
limited
permission
to
make
hardcopy
or
other
reproductions
of
any
machine-readable
documentation
for
your
own
use,
provided
that
each
such
reproduction
shall
carry
the
IBM
Corporation
copyright
notice.
No
other
rights
under
copyright
are
granted
without
prior
written
permission
of
IBM
Corporation.
©
Copyright
International
Business
Machines
Corporation
2003,
2004.
All
rights
reserved.
US
Government
Users
Restricted
Rights
–
Use,
duplication
or
disclosure
restricted
by
GSA
ADP
Schedule
Contract
with
IBM
Corp.
Contents
Preface
.
.
.
.
.
.
.
.
.
.
.
.
.
. vii
Publications
.
.
.
.
.
.
.
.
.
.
.
.
.
. vii
Tivoli
Provisioning
Manager
library
.
.
.
.
. vii
Prerequisite
publications
.
.
.
.
.
.
.
.
. vii
Related
publications
and
resources
.
.
.
.
. viii
Accessing
publications
online
.
.
.
.
.
.
. viii
Accessibility
.
.
.
.
.
.
.
.
.
.
.
.
.
. ix
Contacting
Software
Support
.
.
.
.
.
.
.
.
. ix
Conventions
used
in
this
book
.
.
.
.
.
.
.
. ix
Knowledge
requirements
.
.
.
.
.
.
.
.
.
. ix
Part
1.
About
Tivoli
Provisioning
Manager
.
.
.
.
.
.
.
.
.
.
.
.
.
. 1
Chapter
1.
Software
provided
with
Tivoli
Provisioning
Manager
.
.
.
.
.
.
.
.
. 3
Tivoli
Provisioning
Manager
package
.
.
.
.
.
. 3
Tivoli
Data
Warehouse
package
.
.
.
.
.
.
.
. 6
Part
2.
Planning
your
Tivoli
Provisioning
Manager
installation
.
. 9
Chapter
2.
Supported
hardware
and
software
.
.
.
.
.
.
.
.
.
.
.
.
.
. 11
Supported
database
servers
.
.
.
.
.
.
.
.
. 11
Supported
application
servers
.
.
.
.
.
.
.
. 11
Supported
LDAP
servers
.
.
.
.
.
.
.
.
.
. 11
Supported
Web
browsers
.
.
.
.
.
.
.
.
.
. 11
Supported
operating
environments
.
.
.
.
.
. 12
Supported
hardware
.
.
.
.
.
.
.
.
.
.
. 12
Chapter
3.
Supported
topologies
.
.
. 15
Configuration
limitations
.
.
.
.
.
.
.
.
.
. 15
One-node
topology
.
.
.
.
.
.
.
.
.
.
.
. 16
Two-node
topology
.
.
.
.
.
.
.
.
.
.
.
. 17
Remote
directory
server
configuration
.
.
.
. 17
Remote
database
and
directory
server
configuration
.
.
.
.
.
.
.
.
.
.
.
.
. 18
Three-node
topology
.
.
.
.
.
.
.
.
.
.
. 19
Chapter
4.
Installation
CDs
needed
by
topology
.
.
.
.
.
.
.
.
.
.
.
.
.
. 21
CDs
required
for
a
one-node
topology
.
.
.
.
. 21
Windows
.
.
.
.
.
.
.
.
.
.
.
.
.
. 21
CDs
required
for
a
two-node
topology
–
Remote
directory
server
configuration
.
.
.
.
.
.
.
. 22
Windows
.
.
.
.
.
.
.
.
.
.
.
.
.
. 22
CDs
required
for
a
two-node
topology
–
Remote
database
and
directory
server
configuration
.
.
. 23
Windows
.
.
.
.
.
.
.
.
.
.
.
.
.
. 23
CDs
required
for
a
three-node
topology
.
.
.
.
. 24
Windows
.
.
.
.
.
.
.
.
.
.
.
.
.
. 25
The
next
step
.
.
.
.
.
.
.
.
.
.
.
.
.
. 26
Part
3.
Installing
and
configuring
the
prerequisites
.
.
.
.
.
.
.
.
. 27
Chapter
5.
Installing
and
configuring
the
system
prerequisites
.
.
.
.
.
.
. 29
Installing
and
configuring
Cygwin
.
.
.
.
.
.
. 29
Installing
and
configuring
SNMP
Service
.
.
.
. 30
Installing
SNMP
service
on
Windows
2000
and
Windows
2003
.
.
.
.
.
.
.
.
.
.
.
. 30
Configuring
SNMP
Service
on
Windows
2003
.
. 30
Configuring
SNMP
Service
on
Windows
2000
.
. 31
Checking
the
SNMP
community
name
.
.
.
. 31
The
next
step
.
.
.
.
.
.
.
.
.
.
.
.
.
. 32
Chapter
6.
Installing
the
software
prerequisites
using
the
prerequisite
software
installer
.
.
.
.
.
.
.
.
.
. 33
Before
you
begin
.
.
.
.
.
.
.
.
.
.
.
. 33
About
the
prerequisite
software
installer
.
.
.
.
. 33
Installing
the
prerequisite
software
.
.
.
.
.
. 34
Starting
the
software
services
.
.
.
.
.
.
.
. 37
The
next
step
.
.
.
.
.
.
.
.
.
.
.
.
.
. 38
Chapter
7.
Installing
the
software
prerequisites
using
the
silent
installer
. 39
Before
you
begin
.
.
.
.
.
.
.
.
.
.
.
. 39
About
silent
installation
.
.
.
.
.
.
.
.
.
. 39
Guidelines
for
silent
installation
.
.
.
.
.
. 40
Limitations
of
installing
from
a
response
file
.
. 40
Installing
using
the
response
file
template
.
.
.
. 41
Specifying
response
file
values
.
.
.
.
.
.
.
. 41
Post-installation
tasks
.
.
.
.
.
.
.
.
.
.
. 46
License
for
the
DB2
software
.
.
.
.
.
.
. 46
Starting
the
software
services
.
.
.
.
.
.
.
. 47
The
next
step
.
.
.
.
.
.
.
.
.
.
.
.
.
. 47
Chapter
8.
Applying
mandatory
patches
to
Tivoli
Directory
Server
and
the
WebSphere
Application
Server
.
.
.
. 49
Applying
the
IBM
Tivoli
Directory
Server
fix
.
.
. 49
Applying
the
WebSphere
Application
Server
5.1
Cumulative
Fix
3
.
.
.
.
.
.
.
.
.
.
.
. 49
Applying
the
IBM
WebSphere
MQ
V5.3
fix
.
.
.
. 49
The
next
step
.
.
.
.
.
.
.
.
.
.
.
.
.
. 50
Chapter
9.
Configuring
Tivoli
Directory
Server
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 51
Before
you
begin
.
.
.
.
.
.
.
.
.
.
.
. 51
Configuring
Tivoli
Directory
Server
.
.
.
.
.
. 51
Setting
the
Administrator
DN
and
password
.
. 51
©
Copyright
IBM
Corp.
2003,
2004
iii
Configuring
the
database
.
.
.
.
.
.
.
.
. 51
The
next
step
.
.
.
.
.
.
.
.
.
.
.
.
.
. 53
Chapter
10.
Installing
and
configuring
Microsoft
Active
Directory
.
.
.
.
.
. 55
Before
you
begin
.
.
.
.
.
.
.
.
.
.
.
. 55
Installing
and
configuring
Microsoft
Active
Directory
on
Windows
2000
.
.
.
.
.
.
.
.
. 55
Installing
Microsoft
Active
Directory
.
.
.
.
. 55
Configuring
SSL
for
Windows
2000
.
.
.
.
. 55
Installing
and
configuring
Microsoft
Active
Directory
on
Windows
2003
Server
.
.
.
.
.
. 57
Configuring
SSL
for
Windows
2003
Server
.
.
. 57
Updating
the
schema
.
.
.
.
.
.
.
.
.
. 58
Starting
the
software
services
.
.
.
.
.
.
.
. 59
The
next
steps
.
.
.
.
.
.
.
.
.
.
.
.
. 60
Part
4.
Installing
Tivoli
Provisioning
Manager
.
.
.
.
.
.
.
.
.
.
.
.
. 61
Chapter
11.
Installing
and
configuring
Tivoli
Provisioning
Manager
using
the
graphical
installer
.
.
.
.
.
.
.
.
.
. 63
Before
you
begin
.
.
.
.
.
.
.
.
.
.
.
. 63
Installing
Tivoli
Provisioning
Manager
.
.
.
.
. 63
Post-installation
steps
.
.
.
.
.
.
.
.
.
.
. 67
The
next
step
.
.
.
.
.
.
.
.
.
.
.
.
.
. 68
Chapter
12.
Installing
Tivoli
Provisioning
Manager
using
the
non-graphical
installer
.
.
.
.
.
.
.
. 69
Before
you
begin
.
.
.
.
.
.
.
.
.
.
.
. 69
Installing
Tivoli
Provisioning
Manager
.
.
.
.
. 69
Post-installation
steps
.
.
.
.
.
.
.
.
.
.
. 75
The
next
step
.
.
.
.
.
.
.
.
.
.
.
.
.
. 75
Chapter
13.
Installing
Tivoli
Provisioning
Manager
using
the
silent
installer
.
.
.
.
.
.
.
.
.
.
.
.
.
. 77
Before
you
begin
.
.
.
.
.
.
.
.
.
.
.
. 77
Limitations
of
installing
from
a
response
file
.
.
. 77
Installing
using
the
response
file
template
.
.
.
. 78
Specifying
the
response
file
values
.
.
.
.
.
. 79
Creating
the
response
file
template
during
installation
.
.
.
.
.
.
.
.
.
.
.
.
.
. 82
Post-installation
steps
.
.
.
.
.
.
.
.
.
.
. 83
The
next
steps
.
.
.
.
.
.
.
.
.
.
.
.
. 84
Part
5.
Post-installation
tasks
.
.
. 85
Chapter
14.
Establishing
secure
server
communication
using
SSL
.
.
.
.
.
. 87
The
global
security
kit
(GSKit)
.
.
.
.
.
.
.
. 87
The
key
management
utility
(iKeyman)
.
.
.
.
. 87
About
keystores
.
.
.
.
.
.
.
.
.
.
.
.
. 88
About
self-signed
certificates
.
.
.
.
.
.
.
. 88
Creating
keystores
and
self-signed
certificates
.
.
. 88
Creating
a
keystore
for
the
Tivoli
Directory
Server
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 88
Obtaining
a
personal
certificate
from
a
Certificate
Authority
.
.
.
.
.
.
.
.
.
.
.
.
.
. 89
Creating
and
extracting
a
Self-signed
Certificate
for
the
Tivoli
Directory
Server
.
.
.
.
.
.
. 89
Creating
a
keystore
on
WebSphere
Application
Server
to
enable
SSL
access
from
the
client
.
.
. 90
Creating
self-signed
personal
certificate
for
theWebSphere
Application
Server
.
.
.
.
.
. 90
Creating
a
keystore
from
the
WebSphere
Application
Server
to
Tivoli
Directory
Server
.
. 91
Enabling
SSL
.
.
.
.
.
.
.
.
.
.
.
.
.
. 91
Configure
Tivoli
Directory
Server
to
use
SSL
.
. 91
Import
the
Tivoli
Directory
Server
public
certificate
into
theWebSphere
Application
Server
key
database
.
.
.
.
.
.
.
.
.
.
.
.
. 92
Configure
the
Tivoli
Provisioning
Manager
server
to
use
SSL
.
.
.
.
.
.
.
.
.
.
.
.
.
. 92
Configure
WebSphere
Application
Server
to
access
Tivoli
Directory
Server
using
SSL
.
.
.
. 92
Configuring
WebSphere
Application
Server
and
the
client
to
use
SSL
.
.
.
.
.
.
.
.
.
. 93
Installation
of
e-fix
for
SSL
communication
.
.
.
. 94
The
next
steps
.
.
.
.
.
.
.
.
.
.
.
.
. 95
Chapter
15.
Configuring
OpenSSH
.
.
. 97
Configuring
SSH
on
Windows
2000
.
.
.
.
.
. 97
Configuring
SSH
on
Windows
2003
.
.
.
.
.
. 98
The
next
step
.
.
.
.
.
.
.
.
.
.
.
.
.
. 99
Chapter
16.
Displaying
reports
from
Tivoli
Data
Warehouse
.
.
.
.
.
.
. 101
Why
use
Tivoli
Data
Warehouse?
.
.
.
.
.
.
. 101
Why
use
Tivoli
Data
warehouse
packs?
.
.
.
.
. 101
Displaying
reports
.
.
.
.
.
.
.
.
.
.
.
. 101
The
next
step
.
.
.
.
.
.
.
.
.
.
.
.
. 102
Part
6.
Appendixes
.
.
.
.
.
.
.
. 103
Appendix
A.
Administrative
Tasks
.
. 105
Requirements
to
start
Tivoli
Provisioning
Manager
105
Launch
Tivoli
Provisioning
Manager
using
scripts
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 105
Launch
Tivoli
Provisioning
Manager
using
Windows
Service
.
.
.
.
.
.
.
.
.
.
. 106
Starting
the
application
.
.
.
.
.
.
.
.
.
. 106
Stopping
Tivoli
Provisioning
Manager
.
.
.
.
. 106
Stop
Tivoli
Provisioning
Manager
using
scripts
106
Stop
Tivoli
Provisioning
Manager
using
Windows
Service
.
.
.
.
.
.
.
.
.
.
. 106
Signing
on
to
the
Web
interface
.
.
.
.
.
.
. 107
Signing
off
from
the
Web
interface
.
.
.
.
.
. 107
Changing
Default
Passwords
.
.
.
.
.
.
.
. 107
Appendix
B.
Manual
configurations
109
Manually
configuring
DB2
Universal
Database
.
. 109
Creating
the
database
and
tablespaces
.
.
.
. 109
iv
Tivoli
Provisioning
Manager
Installation
Guide
Configuring
the
DB2
client
to
communicate
with
the
DB2
server
.
.
.
.
.
.
.
.
.
. 109
Manually
configuring
Tivoli
Directory
Server
as
the
directory
server
.
.
.
.
.
.
.
.
.
.
.
.
. 110
Manually
configuring
Microsoft
Active
Directory
as
the
directory
server
on
Windows
2000
.
.
.
.
. 110
Managing
the
schema
.
.
.
.
.
.
.
.
. 111
Importing
the
LDIF
file
.
.
.
.
.
.
.
.
. 112
Appendix
C.
Uninstalling
Tivoli
Provisioning
Manager
.
.
.
.
.
.
.
. 113
Uninstalling
using
the
graphical
uninstaller
.
.
. 113
Uninstalling
using
the
silent
uninstaller
.
.
.
. 114
Uninstalling
using
the
response
file
template
114
Recording
an
uninstallation
.
.
.
.
.
.
.
. 114
Specifying
response
file
values
.
.
.
.
.
. 115
Uninstall
using
the
console
mode
.
.
.
.
.
.
. 116
Files
remaining
after
uninstallation
.
.
.
.
.
. 117
Appendix
D.
Installing
Behind
a
Firewall
.
.
.
.
.
.
.
.
.
.
.
.
.
. 119
Appendix
E.
Installation
log
files
.
.
. 121
Prerequisite
software
—
graphical
installer
process
121
Prerequisite
software
.
.
.
.
.
.
.
.
.
. 121
WebSphere
Application
Server
.
.
.
.
.
.
. 121
Tivoli
Provisioning
Manager
.
.
.
.
.
.
.
. 121
Silent
installer
process
.
.
.
.
.
.
.
.
.
. 121
Information
required
to
solve
silent
installation
problems
.
.
.
.
.
.
.
.
.
.
.
.
.
. 122
Tivoli
Provisioning
Manager
start
log
.
.
.
.
. 122
Tivoli
Provisioning
Manager
uninstallation
logs
122
The
next
step
.
.
.
.
.
.
.
.
.
.
.
.
. 122
Notices
.
.
.
.
.
.
.
.
.
.
.
.
.
. 123
Trademarks
.
.
.
.
.
.
.
.
.
.
.
.
.
. 124
Contents
v
vi
Tivoli
Provisioning
Manager
Installation
Guide
Preface
This
installation
guide
provides
information
on
how
to
install
and
configure
Tivoli®
Provisioning
Manager
on
Microsoft
Windows
operating
system.
It
is
intended
for
system
administrators
or
for
anyone
else
responsible
for
performing
installation
and
configuration
tasks.
Publications
Read
the
descriptions
of
the
Tivoli
Provisioning
Manager
library,
the
prerequisite
publications,
and
the
related
publications
to
determine
which
publications
you
might
find
helpful.
After
you
determine
the
publications
you
need,
refer
to
the
instructions
for
accessing
publications
online.
Tivoli
Provisioning
Manager
library
The
publications
in
the
Tivoli
Provisioning
Manager
library
include:
v
Tivoli
Provisioning
Manager
Installation
Guide
v
Tivoli
Provisioning
Manager
Migration
Guide
v
Tivoli
Provisioning
Manager
Release
Notes
v
Tivoli
Provisioning
Manager
Problem
Determination
Guide
The
remaining
product
documentation
is
available
in
the
online
help,
which
can
be
launched
from
the
Web
interface
for
the
product.
To
enable
ease
of
printing
for
help
topics,
books
have
been
created
directly
from
the
online
help
contents.
The
topics
have
been
grouped
and
the
following
PDFs
have
been
created:
v
Workflow
Developer’s
Guide:
This
document
contains
the
online
help
topics
relating
to
creating
workflows
and
automation
packages.
v
Tivoli
Provisioning
Manager
Online
Help:
This
contains
the
entire
online
help.
Prerequisite
publications
To
use
the
information
in
this
book
effectively,
you
must
have
some
prerequisite
knowledge,
which
you
can
obtain
from
the
following
publications:
v
WebSphere®
Application
Server
Information
Center
,
available
from
www.ibm.com/websphere.
You
can
also
download
the
WebSphere
Application
Server
documentation
plug-in
and
install
it
in
the
Tivoli
Provisioning
Manager.
This
will
allow
you
to
view
the
WebSphere
Application
Server
documentation
in
the
same
Information
Center
as
the
Tivoli
Provisioning
Manager
help.
v
DB2
Universal
Database™
Information
Center,
available
from
www.ibm.com/db2.
v
IBM
Directory
Server
documentation.,
available
from
the
Tivoli
Software
Information
Library
The
instructions
in
this
book
provide
information
on
installing
and
configuring
the
bundled
(packaged)
software
to
work
with
Tivoli
Provisioning
Manager.
This
book
does
not
document
how
to
install
and
configure
third-party
software
supported
by
Tivoli
Provisioning
Manager,
such
as
Oracle9i
Database
and
Microsoft
Active
Directory.
The
exception
to
this
are
steps
that
require
specific
settings
or
configuration
to
configure
that
software
for
Tivoli
Provisioning
Manager.
©
Copyright
IBM
Corp.
2003,
2004
vii
Because
every
datacenter
and
environment
is
unique,
it
is
expected
that
users
following
the
instructions
in
this
book
have
the
necessary
prerequisite
knowledge
to
install,
configure
and
administer
this
software
in
their
unique
environment.
Related
publications
and
resources
Information
related
to
Tivoli
Provisioning
Manager
is
available
in
the
following
locations:
v
The
IBM
Orchestration
and
Provisioning
Automation
Library
is
available
online
at:
http://www.developer.ibm.com/tivoli/workflow.html.
The
IBM
Orchestration
and
Provisioning
Automation
Library
delivers
the
tools
and
community
you
need
to
build
your
business
around
on
demand
automation.
New
workflows
and
automation
packages
and
updated
readme
files
for
automation
packages
shipped
with
Tivoli
Provisioning
Manager
will
be
posted
to
the
IBM
Orchestration
and
Provisioning
Automation
Library.
This
site
will
also
contain
the
most
up-to-date
information
about
the
full
list
of
available
workflows.
Note:
Many
workflows
cannot
be
categorized
by
platform,
for
example
the
network
devices
and
storage
workflows.
However,
the
workflow
for
each
readme
will
document
any
platform-specific
information.
v
The
IBM
On
Demand
Automation
Catalog
is
available
online
at
http://www.ibm.com/software/ondemandcatalog/automation.
This
site
is
a
resource
for
partners
who
wish
to
develop
workflows
to
be
put
into
the
Orchestration
and
Provisioning
Library.
v
Red
books
related
to
Tivoli
Provisioning
Manager
are
available
at
www.redbooks.ibm.com
v
The
Tivoli
Software
Library
provides
a
variety
of
Tivoli
publications
such
as
white
papers,
data
sheets,
demonstrations,
Red
books,
and
announcement
letters.
The
Tivoli
Software
Library
is
available
on
the
Web
at:
http://www.ibm.com/software/tivoli/library/
v
The
Tivoli
Software
Glossary
includes
definitions
for
many
of
the
technical
terms
related
to
Tivoli
software.
The
Tivoli
Software
Glossary
is
available,
in
English
only,
from
the
Glossary
link
on
the
left
side
of
the
Tivoli
Software
Library
Web
page
http://www.ibm.com/software/tivoli/library/
Accessing
publications
online
The
publications
for
this
product
are
available
online
in
Portable
Document
Format
(PDF)
in
the
Tivoli
software
library:
http://www.ibm.com/software/tivoli/library
To
locate
product
publications
in
the
library,
click
the
Product
manuals
link
on
the
left
side
of
the
library
page.
Then,
locate
and
click
the
name
of
the
product
on
the
Tivoli
software
information
center
page.
Product
publications
include
release
notes,
installation
guides,
user’s
guides,
administrator’s
guides,
and
developer’s
references.
Note:
To
ensure
proper
printing
of
publications,
select
the
Fit
to
page
check
box
in
the
Adobe
Acrobat
window
(which
is
available
when
you
click
File
→
Print).
In
addition
to
accessing
the
publications,
you
can
also
access
the
online
help
which
is
shipped
with
Tivoli
Provisioning
Manager.
The
online
help
is
available
at
the
external
IBM
Tivoli
Information
Center,
located
at:
http://publib.boulder.ibm.com/infocenter/tivihelp/index.jsp.
viii
Tivoli
Provisioning
Manager
Installation
Guide
Accessibility
Accessibility
features
help
a
user
who
has
a
physical
disability,
such
as
restricted
mobility
or
limited
vision,
to
use
software
products
successfully.
With
this
product,
you
can
use
assistive
technologies
to
hear
and
navigate
the
interface.
You
also
can
use
the
keyboard
instead
of
the
mouse
to
operate
all
features
of
the
graphical
user
interface.
Contacting
Software
Support
Before
contacting
IBM
Tivoli
Software
Support
with
a
problem,
refer
to
the
IBM
Tivoli
Software
Support
site
by
clicking
the
Tivoli
support
link
at
the
following
Web
site:
http://www.ibm.com/software/support/
If
you
need
additional
help,
contact
Software
Support
by
using
the
methods
described
in
the
IBM
Software
Support
Guide
at
the
following
Web
site:
http://techsupport.services.ibm.com/guides/handbook.html
The
guide
provides
the
following
information:
v
Registration
and
eligibility
requirements
for
receiving
support
v
Telephone
numbers,
depending
on
the
country
in
which
you
are
located
v
A
list
of
information
you
should
gather
before
contacting
Software
Support
Conventions
used
in
this
book
This
book
uses
the
following
highlighting
conventions:
Boldface
type
Indicates
commands
or
graphical
user
interface
(GUI)
controls
such
as
names
of
fields,
icons,
or
menu
choices.
Monospace
type
Indicates
examples
of
text
you
enter
exactly
as
shown,
file
names,
and
directory
paths
and
names.
Italic
type
Used
to
emphasize
words.
Italics
also
indicate
names
for
which
you
must
substitute
the
appropriate
values
for
your
system.
Important
These
sections
highlight
especially
important
information.
Attention
These
sections
highlight
information
intended
to
protect
your
data.
2000
Indicates
information
specific
to
Windows
2000
2003
Indicates
information
specific
to
Windows
Server
2003
Knowledge
requirements
This
book
should
be
read
by
system
administrators
or
anyone
else
responsible
for
installing
and
configuring
Tivoli
Provisioning
Manager.
Preface
ix
People
who
are
installing
and
configuring
Tivoli
Provisioning
Manager
should
have
knowledge
in
the
following
areas:
v
Windows®
2000
Server
or
Windows
Server
2003
v
Basic
operating
system
commands
v
DB2
Universal
Database
Enterprise
Server
Edition
or
Oracle9i
Database
operation,
configuration,
and
maintenance
v
WebSphere
Application
Server
v
Basic
SQL
commands
v
Java™
programming
v
XML
v
The
Internet
Refer
to
the
online
help
for
more
information
on
configuring
and
administering
Tivoli
Provisioning
Manager.
x
Tivoli
Provisioning
Manager
Installation
Guide
Part
1.
About
Tivoli
Provisioning
Manager
This
book
describes
how
to
install
and
configure
Tivoli
Provisioning
Manager
for
Windows.
It
is
intended
for
system
administrators
or
for
anyone
else
responsible
for
performing
installation
and
configuration
tasks.
Use
this
book
to
install
Tivoli
Provisioning
Manager
as
follows:
1.
Review
Part
2,
“Planning
your
Tivoli
Provisioning
Manager
installation,”
on
page
9.
This
part
of
the
book
provides
planning
information
to
help
you
decide
which
software
stack
you
will
use
with
Tivoli
Provisioning
Manager
and
what
topology
you
will
use
for
your
installation.
It
is
strongly
recommended
that
you
review
Chapter
3,
“Supported
topologies,”
on
page
15
carefully
to
understand
what
is
required
for
the
topology
you
want
to
use
for
Tivoli
Provisioning
Manager.
2.
Before
you
start
the
installation,
complete
the
tasks
outlined
in
Part
3,
“Installing
and
configuring
the
prerequisites,”
on
page
27.
This
part
of
the
book
contains
information
on
how
to
use
database
servers
or
Web
servers
other
than
those
installed
by
the
Tivoli
Provisioning
Manager
installation
wizard.
3.
Once
you
have
satisfied
all
the
prerequistes
you
are
ready
to
install
Tivoli
Provisioning
Manager
as
described
in
Part
4,
“Installing
Tivoli
Provisioning
Manager,”
on
page
61.
4.
At
this
point,
your
installation
of
Tivoli
Provisioning
Manager
is
complete,
review
Part
5,
“Post-installation
tasks,”
on
page
85
to
decide
on
how
to
continue.
Some
additional
configuration
may
be
required
depending
on
which
options
you
selected
during
installation.
©
Copyright
IBM
Corp.
2003,
2004
1
2
Tivoli
Provisioning
Manager
Installation
Guide
Chapter
1.
Software
provided
with
Tivoli
Provisioning
Manager
The
following
CDs
are
packaged
with
Tivoli
Provisioning
Manager.
If
a
CD
contains
more
than
one
software
product
or
fix,
the
CD
contents
are
listed.
This
chapter
divides
the
packages
into
two
groups:
1.
The
Tivoli
Provisioning
Manager
CD
sets:
All
CDs
required
to
install
and
configure
core
Tivoli
Provisioning
Manager
functionality.
2.
The
Tivoli
Data
Warehouse
CD
sets:
All
CDs
required
to
install
and
configure
Tivoli
Data
Warehouse
and
the
Warehouse
Enablement
Package,
which
provides
the
reporting
functionality
in
Tivoli
Provisioning
Manager.
Tivoli
Provisioning
Manager
package
All
CDs
required
to
install
and
configure
core
Tivoli
Provisioning
Manager
functionality:
Tivoli
Provisioning
Manager,
Version
2.1This
CD
contains:
v
Tivoli
Provisioning
Manager
installation
code
for
all
supported
languages
and
platforms
v
Tivoli
GUID
Tivoli
Provisioning
Manager,
Version
2.1,
NetView
Server
7.1.4
This
CD
contains
the
installation
code
for
the
optional
IBM
Tivoli
NetView
7.1.4
software.
The
following
versions
of
the
CD
are
provided:
v
Tivoli
Provisioning
Manager,
Version
2.1,
NetView
Server
for
Windows
v
Tivoli
Provisioning
Manager,
Version
2.1,
NetView
Server
for
Linux
v
Tivoli
Provisioning
Manager,
Version
2.1,
NetView
Server
for
UNIX
(Solaris,
AIX)
Tivoli
Provisioning
Manager,
Version
2.1
Prerequisite
Software
Installer
This
CD
contains
an
installation
wizard
which
will
guide
you
through
the
installation
of
the
following
software
prerequisites
on
all
supported
platforms:
v
IBM®
DB2
Universal
Database
8.1.3
v
Tivoli
Directory
Server
Version
5.2
v
WebSphere
Application
Server
5.1
Tivoli
Provisioning
Manager,
Version
2.1
Generic
Fixes
This
CD
contains:
v
WebSphere
Embedded
Messaging
interim
fix
IC38409
for
WebSphere
Application
Server
V5.1
v
WebSphere
Application
Server
5.1
fixes
from
Cumulative
Fix
3.
Only
those
fixes
applying
to
the
platforms
Tivoli
Provisioning
Manager
supports
have
been
extracted
from
Cumulative
Fix
3
and
supplied
on
this
CD
v
IBM
Tivoli
Directory
Server
Fix.
This
is
a
file
called
v3.ibm.at.
WebSphere
Application
Server
5.1
This
CD
contains
the
installation
image
for
the
Application
Server
code.
The
following
versions
of
the
CD
are
provided:
v
WebSphere
Application
Server
5.1,
Windows
2000
and
Windows
2003
v
WebSphere
Application
Server
5.1,
AIX
©
Copyright
IBM
Corp.
2003,
2004
3
v
WebSphere
Application
Server
5.1,
Solaris
v
WebSphere
Application
Server
5.1,
Linux
v
WebSphere
Application
Server
5.1,
Linux
on
iSeries
and
pSeries
WebSphere
Application
Server,
Application
Client
Components
These
CDs
contains
the
Application
Client
code.
This
CD
is
not
required
for
Tivoli
Provisioning
Manager.
DB2
Universal
Database,
Workgroup
Server
Unlimited
Edition,
Version
8.1
This
CD
contains
the
installation
image
for
the
database
server
code.
The
following
versions
of
the
CD
are
provided:
v
DB2
Universal
Database,
Workgroup
Server
Unlimited
Edition,
Version
8.1
for
Windows
operating
system
on
32–bit
systems.
Contains
installation
images
for
English,
single
byte
character
set
languages,
double
byte
character
set
languages
v
DB2
Universal
Database,
Workgroup
Server
Unlimited
Edition,
Version
8.1
for
AIX
5L
on
32–bit
systems.
Contains
installation
images
for
English
and
single
byte
character
set
languages.
v
DB2
Universal
Database,
Workgroup
Server
Unlimited
Edition,
Version
8.1
for
AIX
5L
on
32–bit
systems.
Contains
installation
images
for
English,
and
Japanese.
v
DB2
Universal
Database,
Workgroup
Server
Unlimited
Edition,
Version
8.1
for
AIX
5L
on
32–bit
systems.
Contains
installation
images
for
English,
and
Korean.
v
DB2
Universal
Database,
Workgroup
Server
Unlimited
Edition,
Version
8.1
for
AIX
5L
on
32–bit
systems.
Contains
installation
images
for
English,
and
Simplified
Chinese.
v
DB2
Universal
Database,
Workgroup
Server
Unlimited
Edition,
Version
8.1
for
AIX
5L
on
32–bit
systems.
Contains
installation
images
for
English,
and
Traditional
Chinese.
v
DB2
Universal
Database,
Workgroup
Server
Unlimited
Edition,
Version
8.1
for
Linux
on
Intel
on
32–bit
systems.
Contains
installation
images
for
English,
single
byte
character
set
languages,
and
double
byte
character
set
languages.
v
DB2
Universal
Database,
Workgroup
Server
Unlimited
Edition,
Version
8.1
for
Solaris
Operating
Environments
on
32–bit
systems.
Contains
installation
images
for
English,
single
byte
character
set
languages,
and
double
byte
character
set
languages.
v
DB2
Universal
Database,
Workgroup
Server
Unlimited
Edition,
Version
8.1
for
Linux
iSeries
and
pSeries
on
32-bit
systems.
Contains
installation
images
for
English,
single
byte
character
set
languages,
and
double
byte
character
set
languages.
DB2
Administration
Client
Component,
Version
8.1
This
CD
contains
the
installation
image
for
the
DB2
administration
client
code.
The
following
versions
of
the
CD
are
provided:
v
DB2
Administration
Client,
Version
8.1
for
Windows
operating
systems
on
32–bit
systems.
Contains
installation
images
for
English,
single
byte
character
set
languages,
double
byte
character
set
languages
v
DB2
Administration
Client,
Version
8.1
for
AIX
5L
32
on
32–bit
and
64–bit
systems.
Contains
installation
images
for
English,
single
byte
character
set,
and
Nordic
languages.
v
DB2
Administration
Client,
Version
8.1
for
AIX
5L
32
on
32–bit
and
64–bit
systems.
Contains
installation
images
for
English
and
Japanese.
4
Tivoli
Provisioning
Manager
Installation
Guide
v
DB2
Administration
Client,
Version
8.1
for
AIX
5L
32
on
32–bit
and
64–bit
systems.
Contains
installation
images
for
English
and
Korean.
v
DB2
Administration
Client,
Version
8.1
for
AIX
5L
32
on
32–bit
and
64–bit
systems.
Contains
installation
images
for
English
and
Simplified
Chinese.
v
DB2
Administration
Client,
Version
8.1
for
AIX
5L
32
on
32–bit
and
64–bit
systems.
Contains
installation
images
for
English
and
Traditional
Chinese.
v
DB2
Administration
Client,
Version
8.1
for
Linux
on
Intel
on
32–bit
systems.
Contains
installation
images
for
English,
single
byte
character
set
languages,
and
double
byte
character
set
languages.
v
DB2
Administration
Client,
Version
8.1
for
the
Solaris
Operating
Environment
on
32–bit
and
64–bit
systems.
Contains
installation
images
for
English,
single
byte
character
set
languages,
and
double
byte
character
set
languages.
v
DB2
Administration
Client,
Version
8.1
for
Windows
operating
systems
on
64–bit
systems.
Contains
the
Administration
Client
installation
images
for
Windows
Server
2003
and
Windows
XP
operating
systems
for
English,
single
byte
character
set
languages,
double
byte
character
set
languages
v
DB2
Universal
Database,
Workgroup
Server
Unlimited
Edition,
DB2
Administration
Client
Component,
Version
8.1
for
Linux
Intel
(64–bit).
Contains
installation
images
for
English,
single
byte
character
set
languages,
and
double
byte
character
set
languages.
v
DB2
Universal
Database,
Workgroup
Server
Unlimited
Edition,
DB2
Administration
Client
Component,
Version
8.1
for
Linux
iSeries
and
pSeries.
Contains
32–bit
installation
images
for
English,
single
byte
character
set
languages,
and
double
byte
character
set
languages.
DB2
Run-time
Client
Version
8.1
This
CD
contains
the
installation
image
for
the
database
runtime
client
code.
This
CD
is
not
required
for
Tivoli
Provisioning
Manager.
DB2
V8.1
Fixpack
3
This
CD
contains
the
installation
code
for
Fix
pack
3,
to
be
applied
to
DB2
UDB
Workgroup
Server
Unlimited
Edition.
The
following
versions
of
the
CD
are
provided:
v
DB2
V.8.1
Fixpack-3-WR21324
for
Windows
—
Fix
pack
3
for
the
DB2
server
v
DB2
V.8.1
Fixpack-3
for
Windows-Administration
Client
—
Fix
pack
3
for
the
DB2
Administration
client
v
DB2
V.8.1
Fixpack-3-U488481
for
AIX
—
for
client
and
server
v
DB2
V.8.1
Fixpack-3-U488482
for
Solaris
—
for
client
and
server
v
DB2
V.8.1
Fixpack-3-MI00054
for
Linux
—
for
client
and
server
v
DB2
V.8.1
Fixpack-3-MI00056
for
Linux
iSeries
and
pSeries
—
for
client
and
server
Tivoli
Directory
Server
Version
5.2
This
CD
contains
the
installation
image
for
Tivoli
Directory
Server
Version
5.2.
The
following
versions
of
the
CD
are
provided:
v
Tivoli
Directory
Server
Version
5.2
for
Windows.
Contains
installation
images
for
English,
single
byte
character
set
languages,
double
byte
character
set
languages
v
Tivoli
Directory
Server
Version
5.2
for
AIX.
Contains
installation
images
for
English,
single
byte
character
set
,
and
double
byte
character
set
languages.
v
WebSphere
Application
Server
Version
5.1
Tivoli
Directory
Server
Version
5.2
for
AIX.
Contains
installation
images
for
Tivoli
Directory
Server
and
DB2
Universal
Database
Enterprise
Edition.
Chapter
1.
Software
provided
with
Tivoli
Provisioning
Manager
5
v
Tivoli
Directory
Server
Version
5.2
for
Solaris.
Contains
installation
images
for
English,
single
byte
character
set
languages,
and
double
byte
character
set
languages.
v
Tivoli
Directory
Server
Version
5.2
for
Linux.
Contains
installation
images
for
English,
single
byte
character
set
languages,
and
double
byte
character
set
languages.
v
Tivoli
Directory
Server
Version
5.2
for
Linux
iSeries
and
pSeries.
Contains
installation
images
for
English,
single
byte
character
set
languages,
and
double
byte
character
set
languages.
Tivoli
Data
Warehouse
package
This
section
lists
the
CDs
required
to
install
and
configure
Tivoli
Data
Warehouse
and
the
Warehouse
Enablement
Package.
Data
Warehouse
Version
1.2.0
This
CD
contains
the
installation
code
for
Tivoli
Data
Warehouse
for
all
platforms
and
languages.
Data
Warehouse
Documentation
Version
1.2.0
This
CD
contains
the
product
documentation.
DB2
Universal
Database
Enterprise
Edition
Version
7.2.10a
This
CD
contains
the
installation
code
for
the
version
of
DB2
supported
by
Tivoli
Data
Warehouse.
The
following
CDs
are
provided:
v
DB2
Universal
Database
Enterprise
Edition
for
Windows
Operating
Environments,
Version
7.2.10a
for
Tivoli
Data
Warehouse
Version
1.2.
Contains
the
English
and
single-byte
character
set
languages.
v
DB2
Universal
Database
Enterprise
Edition
for
Windows
Operating
Environments,
Version
7.2.10a
for
Tivoli
Data
Warehouse
Version
1.2.
Contains
the
English
and
double-byte
character
set
languages.
v
DB2
Universal
Database
Enterprise
Edition
for
AIX,
Version
7.2.10a
for
Tivoli
Data
Warehouse
Version
1.2.
Contains
the
English
and
single-byte
character
set
languages.
v
DB2
Universal
Database
Enterprise
Edition
for
AIX,
Version
7.2.10a
for
Tivoli
Data
Warehouse
Version
1.2.
Contains
the
Japanese
and
Korean
languages.
v
DB2
Universal
Database
Enterprise
Edition
for
AIX,
Version
7.2.10a
for
Tivoli
Data
Warehouse
Version
1.2.
Contains
the
Traditional
Chinese
and
Simplified
Chinese
languages.
v
DB2
Universal
Database
Enterprise
Edition
for
Solaris
Operating
Environments,
Version
7.2.10a
for
Tivoli
Data
Warehouse
Version
1.2.
Contains
the
single-byte
character
set
languages.
v
DB2
Universal
Database
Enterprise
Edition
for
Solaris
Operating
Environments,
Version
7.2.10a
for
Tivoli
Data
Warehouse
Version
1.2.
Contains
the
Japanese
and
Korean
languages.
v
DB2
Universal
Database
Enterprise
Edition
for
Solaris
Operating
Environments,
Version
7.2.10a
for
Tivoli
Data
Warehouse
Version
1.2.
Contains
the
Traditional
Chinese
and
Simplified
Chinese
languages.
DB2
Warehouse
Manager
The
following
versions
of
the
CD
are
provided:
v
DB2
Warehouse
Manager
for
Windows
NT/2000
Version
7.2.10a
for
Tivoli
Data
Warehouse
Version
1.2.0.
Contains
the
single-byte
character
set
languages.
v
DB2
Warehouse
Manager
for
Windows
NT/2000
Version
7.2.10a
for
Tivoli
Data
Warehouse
Version
1.2.0.
Contains
the
double-byte
character
set
languages.
6
Tivoli
Provisioning
Manager
Installation
Guide
v
DB2
Warehouse
Manager
for
AIX
Version
7.2.10a
for
Tivoli
Data
Warehouse
Version
1.2.0.
Contains
English,
French
and
German
languages.
v
DB2
Warehouse
Manager
for
AIX
Version
7.2.10a
for
Tivoli
Data
Warehouse
Version
1.2.0.
Contains
Italian,
Spanish,
and
Brazilian
Portugese.
v
DB2
Warehouse
Manager
for
AIX
Version
7.2.10a
for
Tivoli
Data
Warehouse
Version
1.2.0.
Contains
Japanese
and
Korean
languages.
v
DB2
Warehouse
Manager
for
AIX
Version
7.2.10a
for
Tivoli
Data
Warehouse
Version
1.2.0.
Contains
Traditional
Chinese
and
Simplified
Chinese.
v
DB2
Warehouse
Manager
for
Solaris
Operation
Environments,
Version
7.2.10a
for
Tivoli
Data
Warehouse
Version
1.2.0.
Contains
single-byte
character
set
languages.
v
DB2
Warehouse
Manager
for
Solaris
Operation
Environments,
Version
7.2.10a
for
Tivoli
Data
Warehouse
Version
1.2.0.
Contains
Japanese
and
Korean
languages.
v
DB2
Warehouse
Manager
for
Solaris
Operation
Environments,
Version
7.2.10a
for
Tivoli
Data
Warehouse
Version
1.2.0.
Contains
Traditional
Chinese
and
Simplified
Chinese.
Crystal
Enterprise
9
for
Tivoli
Data
Warehouse
This
CD
contains
the
installation
code
for
Crystal
Enterprise
9
which
provides
the
reporting
functionality
in
Tivoli
Provisioning
Manager.
The
following
versions
of
the
CD
are
provided:
v
Crystal
Enterprise
9
for
Tivoli
Data
Warehouse
Version
1.2.0.
Contains
the
English
language
version.
v
Crystal
Enterprise
9
for
Tivoli
Data
Warehouse
Version
1.2.0.
Contains
the
German
language
version.
v
Crystal
Enterprise
9
for
Tivoli
Data
Warehouse
Version
1.2.0.
Contains
the
French
language
version.
v
Crystal
Enterprise
9
for
Tivoli
Data
Warehouse
Version
1.2.0.
Contains
the
Japanese
language
version.
Chapter
1.
Software
provided
with
Tivoli
Provisioning
Manager
7
8
Tivoli
Provisioning
Manager
Installation
Guide
Part
2.
Planning
your
Tivoli
Provisioning
Manager
installation
This
section
provides
information
to
help
you
plan
your
configuration
of
Tivoli
Provisioning
Manager.
Review
all
of
the
information
in
this
section
before
continuing
with
your
installation
of
Tivoli
Provisioning
Manager.
This
section
contains
the
following
chapters:
v
Chapter
2,
“Supported
hardware
and
software,”
on
page
11
v
Chapter
3,
“Supported
topologies,”
on
page
15
v
Chapter
4,
“Installation
CDs
needed
by
topology,”
on
page
21
©
Copyright
IBM
Corp.
2003,
2004
9
10
Tivoli
Provisioning
Manager
Installation
Guide
Chapter
2.
Supported
hardware
and
software
Tivoli
Provisioning
Manager
requires
a
number
of
supporting
software
applications
to
be
installed.
The
software
applications
supported
byTivoli
Provisioning
Manager
are
listed
in
this
chapter.
Note:
In
all
topologies,
all
nodes
must
be
running
the
same
operating
system
at
the
same
level,
with
the
exception
of
the
specific
configuration
limitations
noted
in
“Configuration
limitations”
on
page
15..
Supported
database
servers
The
following
database
servers
are
supported
by
Tivoli
Provisioning
Manager:
v
DB2
Universal
Database,
Workgroup
Server
Unlimited
Edition,
Version
8.1
with
Fix
Pack
3
v
2000Solaris
Oracle9i
Database
Release
2
Enterprise
Edition
with
fix
pack
1
Database
servers
not
listed
here
are
not
supported
for
use
as
the
database
server
for
Tivoli
Provisioning
Manager—
this
includes
versions
or
editions
of
DB2
Universal
Database
not
listed.
Supported
application
servers
Tivoli
Provisioning
Manager
requires
WebSphere
Application
Server
5.1
with
cumulative
fix
3
and
IC38409.
Supported
LDAP
servers
The
following
LDAP
servers
are
supported
by
Tivoli
Provisioning
Manager:
v
Tivoli
Directory
Server
Version
5.2
v
Microsoft
Active
Directory
Supported
Web
browsers
You
can
only
access
the
Tivoli
Provisioning
Manager
Web
user
interface
using
Microsoft®
Internet
Explorer
6.0
from
a
machine
running
a
Windows
operating
system
on
the
same
network
as
your
Tivoli
Provisioning
Manager
machine.
You
must
use
Internet
Explorer
full
version
6.0
(also
known
as
Internet
Explorer
6.0
Service
Pack
1
and
Internet
Tools)
or
later
with
the
latest
critical
security
updates
from
Microsoft.
You
can
access
the
Tivoli
Provisioning
Manager
information
center
using
Microsoft
Internet
Explorer
Version
6.0
or
higher,
or
Netscape
Navigator
Version
6.0
or
higher.
©
Copyright
IBM
Corp.
2003,
2004
11
Supported
operating
environments
This
section
lists
the
operating
environment
requirements
for
Tivoli
Provisioning
Manager.
Ensure
each
machine
in
your
Tivoli
Provisioning
Manager
configuration
meets
the
minimum
requirements
for
each
of
the
software
packages
you
plan
on
installing
on
that
machine.
For
complete
details
about
the
prerequisites
for
each
software
application,
refer
to
that
product’s
documentation,
as
described
in
“Prerequisite
publications”
on
page
vii.
The
following
operating
environments
are
supported
by
Tivoli
Provisioning
Manager:
v
AIX
5.2
v
Solaris
8
v
Solaris
9
v
Windows
2000
Server
v
Windows
Server
2003
Standard
Edition
v
Red
Hat
Advanced
Server
2.1
(IA32)
v
SLES
8
for
iSeries
Power
PC
Note:
Specific
fix
levels
or
operating
environment
packages
required
by
Tivoli
Provisioning
Manager
are
documented
later
in
this
documented
as
part
of
the
system
prerequisites.
Supported
hardware
This
section
lists
the
hardware
requirements
for
Tivoli
Provisioning
Manager.
Note:
This
does
not
include
the
hardware
requirements
for
other
software
components
such
as
WebSphere
Application
Server,
DB2
Universal
Database,
and
Tivoli
Directory
Server
which
may
be
different.
Ensure
each
machine
in
your
Tivoli
Provisioning
Manager
configuration
meets
the
minimum
requirements
for
each
of
the
software
packages
you
plan
on
installing
on
that
machine.
For
complete
details
about
the
prerequisites
for
each
software
application,
refer
to
the
documentation
for
that
product,
as
described
in
“Prerequisite
publications”
on
page
vii
IBM
Compatible
PC
with
Microsoft
Windows
2000
or
2003
Server:
v
2.8
GHz
Intel
Pentium
4
processor
or
equivalent
v
Minimum
4GB
of
free
memory
v
Minimum
20
GB
of
free
disk
space
v
CD-ROM
drive
2000AIX
IBM
pSeries
with
AIX
5.2:
v
1
GHz
CPU
v
Minimum
4GB
of
free
memory
v
Minimum
20
GB
of
free
disk
space
v
CD-ROM
drive
2000Solaris
Sun
SPARC
or
x86
Server
with
Solaris
8
and
9:
v
1
GHz
CPU
v
Minimum
4GB
RAM
12
Tivoli
Provisioning
Manager
Installation
Guide
v
Minimum
20
GB
free
disk
space
v
CD-ROM
drive
IBM
Compatible
PC
with
Red
Hat
Linux
Advanced
Server
2.1:
v
2.8
GHz
Intel
Pentium
4
processor
or
equivalent
v
Minimum
4GB
of
free
memory
v
Minimum
20
GB
of
free
disk
space
v
CD-ROM
drive
iSeries
Models
that
support
LPAR
with
minimum
450CPW
in
Linux
partition:
v
Minimum
4GB
RAM
v
Minimum
20
GB
free
disk
space
v
CD-ROM
drive
Chapter
2.
Supported
hardware
and
software
13
14
Tivoli
Provisioning
Manager
Installation
Guide
Chapter
3.
Supported
topologies
This
chapter
describes
supported
topologies
for
Tivoli
Provisioning
Manager
and
the
supporting
software,
such
as
the
database
server
and
the
Web
server.
The
configurations
described
in
this
chapter
apply
to
all
platforms,
with
exceptions
and
limitations
being
clearly
identified.
Note:
In
all
topologies,
all
nodes
must
be
running
the
same
operating
system,
with
the
following
exceptions:
v
The
directory
server,
when
installed
on
a
server
that
does
not
have
any
other
Tivoli
Provisioning
Manager
software
installed
(for
example
WebSphere
Application
Server
or
DB2
Universal
Database
Workgroup
Server
Unlimited
Edition),
does
not
need
to
be
running
the
same
operating
system
as
the
Tivoli
Provisioning
Manager
server.
The
only
exception
to
this
occurs
on
Windows
with
Microsoft
Active
Directory.
If
Microsoft
Active
Directory
is
your
directory
server,
all
Tivoli
Provisioning
Manager
servers
must
be
running
on
Windows.
v
The
specific
configuration
limitations
noted
in
“Configuration
limitations”
on
page
15.
In
this
chapter
the
following
terms
are
used:
database
node
A
node
in
a
topology
that
only
contains
the
database
server
used
by
Tivoli
Provisioning
Manager.
LDAP
server
node
A
node
in
a
topology
that
only
contains
the
LDAP
server
used
byTivoli
Provisioning
Manager.
Tivoli
Provisioning
Manager
node
A
node
in
a
topology
that
contains
the
Tivoli
Provisioning
Manager
server.
While
the
node
may
also
contain
the
database
server
or
WebSphere
Application
Server,
depending
on
the
topology,
if
a
node
contains
the
Tivoli
Provisioning
Manager
server,
it
is
referred
to
as
the
Tivoli
Provisioning
Manager
node.
Important
The
instructions
in
this
section
are
meant
as
a
general
outline
only
to
provide
information
for
planning
purposes.
Detailed
instructions
are
provided
later
in
this
book.
For
specific
information
on
how
to
configure
non-IBM
software
or
pre-installed
IBM
software
for
use
with
Tivoli
Provisioning
Manager,
refer
to
Part
3,
“Installing
and
configuring
the
prerequisites,”
on
page
27.
Configuration
limitations
There
are
two
limitations
which
will
restrict
how
Tivoli
Provisioning
Manager
can
be
configured.
1.
On
AIX
5.2,
Tivoli
Directory
Server,
Version
5.2
does
not
support
IBM
DB2
Universal
Database
8.1.3,
Workgroup
Server
Unlimited
Edition
.
Tivoli
©
Copyright
IBM
Corp.
2003,
2004
15
Directory
Server
only
supports
DB2
Universal
Database
8.1,
Enterprise
Edition
on
AIX
5.2.
As
a
result,
if
you
are
planning
to
use
the
AIX
operating
environment
for
your
Tivoli
Provisioning
Manager
system,
you
must
either:
v
Install
Tivoli
Directory
Server
5.2
on
a
separate
AIX
5.2
machine
and
use
DB2
Universal
Database
8.1,
Enterprise
Edition
as
the
database
for
Tivoli
Directory
Server
5.2.
A
separate
CD
is
provided
for
installing
Tivoli
Directory
Server
and
DB2
Universal
Database
8.1,
Enterprise
Edition
in
this
situation.
This
CD
is
called
WebSphere
Application
Server
Version
5.1
AIX
Tivoli
Directory
Server
5.2.
The
part
number
on
the
CD
is:
C279KML.
Tivoli
Provisioning
Manager
continues
to
use
DB2
Universal
Database,
Workgroup
Server
Unlimited
Edition
as
its
database
server.
v
Install
Tivoli
Directory
Server
5.2
on
a
separate
server
running
a
platform
other
than
AIX
5.2.
In
this
scenario,
DB2
Universal
Database,
Workgroup
Server
Unlimited
Edition
is
supported
as
the
database
server
for
Tivoli
Directory
Server
5.2.2.
Tivoli
Directory
Server
5.2
does
not
support
Red
Hat
Enterprise
Linux
Advanced
Server
2.1.
Customers
using
Linux
on
Intel
as
their
operating
environment
must
install
Tivoli
Directory
Server
5.2
on
a
separate
server
running
a
platform
other
than
Linux
on
Intel,
noting
the
AIX
5.2
restriction
above.
One-node
topology
In
a
one-node
topology,
Tivoli
Provisioning
Manager
and
the
supporting
software
are
installed
on
a
single
machine.
This
includes
Tivoli
Provisioning
Manager,
the
database
server,
WebSphere
Application
Server,
and
the
LDAP
server.
The
prerequisite
and
supported
software
should
be
installed
on
the
machine
as
indicated
in
the
following
chart.
On
the
Tivoli
Provisioning
Manager
node
v
System
prerequisites
as
described
in
Chapter
5,
“Installing
and
configuring
the
system
prerequisites,”
on
page
29.
v
WebSphere
Application
Server
5.1,
plus
fixes
located
on
the
Tivoli
Provisioning
Manager
Generic
Fixes
CD
v
One
of:
–
DB2
Universal
Database,
Workgroup
Server
Unlimited
Edition
8.1
–
2000Solaris
Oracle
Database
9.2.0.1.0,
Enterprise
Edition
or
Standard
Edition
v
DB2
Universal
Database
Fix
Pack
3
—
applied
to
the
DB2
server
only
v
One
of:
–
Tivoli
Directory
Server
5.2
client
and
server,
plus
fixes
located
on
the
Tivoli
Provisioning
Manager
Generic
Fixes
CD
–
2000Windows
Microsoft
Active
Directory
v
Tivoli
Provisioning
Manager
v
IBM
Tivoli
NetView
(optional)
Not
supported
on
Linux
on
iSeries
16
Tivoli
Provisioning
Manager
Installation
Guide
Limitation
This
configuration
is
supported
only
on
Windows,
Solaris
and
SUSE
Linux
Enterprise
Server
8
for
Linux
on
iSeries.
A
one-node
configuration
is
not
supported
on
AIX
5.2
or
Red
Hat
Enterprise
Linux
Advanced
Server
2.1.
Two-node
topology
There
are
two
different
configurations
supported
in
a
two-node
topology.
These
configurations
are
described
in
the
sections
below.
Remote
directory
server
configuration
In
this
two-node
configuration,
only
the
LDAP
server
is
installed
on
a
separate
machine.
All
other
software
applications
are
installed
on
the
Tivoli
Provisioning
Manager
server
machine.
The
prerequisite
and
supported
software
should
be
installed
on
the
two
nodes
as
indicated
in
the
following
chart.
On
the
Tivoli
Provisioning
Manager
node
On
the
LDAP
server
node
v
System
prerequisites
as
described
in
Chapter
5,
“Installing
and
configuring
the
system
prerequisites,”
on
page
29.
v
WebSphere
Application
Server
5.1,
plus
fixes
located
on
the
Tivoli
Provisioning
Manager
Generic
Fixes
CD
v
One
of:
–
DB2
Universal
Database,
Workgroup
Server
Unlimited
Edition
8.1
–
2000Solaris
Oracle
Database
9.2.0.1.0,
Enterprise
Edition
or
Standard
Edition
v
DB2
Universal
Database
Fix
Pack
3
—
applied
to
the
DB2
server
only
v
Tivoli
Directory
Server
5.2
client
v
Tivoli
Provisioning
Manager
v
IBM
Tivoli
NetView
(optional).
Note:
IBM
Tivoli
NetView
is
not
supported
on
iSeries
Linux
v
One
of:
–
Tivoli
Directory
Server
5.2,
plus
fixes
located
on
the
Tivoli
Provisioning
Manager
Generic
Fixes
CD
–
2000Windows
Microsoft
Active
Directory
v
2000AIX
DB2
Universal
Database
8.1,
Enterprise
Edition
—
if
installing
Tivoli
Directory
Server
5.2
on
AIX.
As
noted
earlier,
the
LDAP
server
does
not
need
to
be
running
the
same
operating
environment
as
the
Tivoli
Provisioning
Manager
server.
Chapter
3.
Supported
topologies
17
Limitation
These
limitations
apply:
v
If
Microsoft
Active
Directory
is
your
directory
server,
the
Tivoli
Provisioning
Manager
server
must
also
be
running
on
Windows.
v
If
you
wish
to
use
the
AIX
5.2
operating
environment
for
your
Tivoli
Directory
Server
5.2
server,
you
must
use
also
install
DB2
Universal
Database
8.1,
Enterprise
Edition
on
the
Tivoli
Directory
Server
5.2
server
as
the
database
for
Tivoli
Directory
Server
5.2.
A
separate
CD
is
provided
for
installing
Tivoli
Directory
Server
and
DB2
Universal
Database
8.1,
Enterprise
Edition
in
this
situation.
This
CD
is
called
WebSphere
Application
Server
Version
5.1
AIX
Tivoli
Directory
Server
5.2.
The
part
number
on
the
CD
is:
C279KML.
Install
Tivoli
Directory
Server
and
DB2
Universal
Database
8.1,
Enterprise
Edition
according
to
the
instructions
provided
in
the
Tivoli
Directory
Server
documentation.
v
Tivoli
Directory
Server
5.2
does
not
support
Red
Hat
Enterprise
Linux
Advanced
Server
2.1.
Customers
using
Linux
on
Intel
as
their
operating
environment
for
the
Tivoli
Provisioning
Manager
server
must
install
Tivoli
Directory
Server
5.2
on
a
server
running
a
platform
other
than
Linux
on
Intel,
noting
the
AIX
5.2
restriction
above.
Remote
database
and
directory
server
configuration
In
this
two-node
configuration,
both
the
database
server
and
LDAP
directory
server
are
installed
on
a
second
machine.
All
other
software
applications
are
installed
on
the
Tivoli
Provisioning
Manager
server
machine.
The
prerequisite
and
supported
software
should
be
installed
on
the
two
nodes
as
indicated
in
the
following
chart.
On
the
Tivoli
Provisioning
Manager
node
On
the
database
and
directory
server
node
v
System
prerequisites
as
described
in
Chapter
5,
“Installing
and
configuring
the
system
prerequisites,”
on
page
29.
v
WebSphere
Application
Server
5.1,
plus
fixes
located
on
the
Tivoli
Provisioning
Manager
Generic
Fixes
CD
v
DB2
Universal
Database,
Workgroup
Server
Unlimited
Edition
8.1,
Administration
Client
v
DB2
Universal
Database
Fix
Pack
3
—
applied
to
the
DB2
Administration
client
only
v
Tivoli
Directory
Server
5.2
client
v
Tivoli
Provisioning
Manager
v
IBM
Tivoli
NetView
(optional)
v
One
of:
–
Tivoli
Directory
Server
5.2,
plus
fixes
located
on
the
Tivoli
Provisioning
Manager
Generic
Fixes
CD
–
2000Windows
Microsoft
Active
Directory
v
One
of:
–
DB2
Universal
Database,
Workgroup
Server
Unlimited
Edition
8.1
–
2000Solaris
Oracle
Database
9.2.0.1.0,
Enterprise
Edition
or
Standard
Edition
v
DB2
Universal
Database
Fix
Pack
3
—
applied
to
the
DB2
server
only
As
noted
earlier,
the
database
server
must
be
running
the
same
operating
environment
as
the
Tivoli
Provisioning
Manager
server,
with
the
exception
of
the
limitations
noted
below.
18
Tivoli
Provisioning
Manager
Installation
Guide
Limitation
These
limitations
apply:
v
If
Microsoft
Active
Directory
is
your
directory
server,
the
Tivoli
Provisioning
Manager
server
must
also
be
running
on
Windows.
v
This
two-tier
configuration
is
not
supported
on
AIX
5.2,
due
to
the
Tivoli
Directory
Server
limitation
on
AIX
which
requires
the
database
server
to
be
DB2
Universal
Database
Enterprise
Edition.
DB2
Universal
Database
Enterprise
Edition
and
DB2
Universal
Database
Workgroup
Server
Unlimited
Edition
cannot
co-exist
on
the
same
machine.
v
This
two-tier
configuration
is
not
supported
on
Red
Hat
Enterprise
Linux
Advanced
Server
2.1,
because
the
Tivoli
Provisioning
Manager
and
the
database
server
must
be
running
on
the
same
operating
environment.
Tivoli
Directory
Server
5.2
does
not
support
Red
Hat
Enterprise
Linux
Advanced
Server
2.1.
Three-node
topology
In
a
three-node
topology,
Tivoli
Provisioning
Manager
is
installed
on
one
node,
the
database
server
is
installed
on
a
second
node,
and
the
LDAP
server
is
installed
on
a
third
node.
On
the
Tivoli
Provisioning
Manager
node
On
the
database
server
node
On
the
LDAP
server
node
v
System
prerequisites
as
described
in
Chapter
5,
“Installing
and
configuring
the
system
prerequisites,”
on
page
29.
v
WebSphere
Application
Server
5.1,
plus
fixes
located
on
the
Tivoli
Provisioning
Manager
Generic
Fixes
CD
v
DB2
Universal
Database,
Workgroup
Server
Unlimited
Edition
8.1,
Administration
Client
v
DB2
Universal
Database
Fix
Pack
3
—
applied
to
the
DB2
Administration
client
only
v
Tivoli
Directory
Server
5.2
client
v
Tivoli
Provisioning
Manager
v
IBM
Tivoli
NetView
(optional)
v
v
One
of:
–
DB2
Universal
Database,
Workgroup
Server
Unlimited
Edition
8.1
–
2000Solaris
Oracle
Database
9.2.0.1.0,
Enterprise
Edition
or
Standard
Edition
v
DB2
Universal
Database
Fix
Pack
3
—
applied
to
the
DB2
server
only
v
One
of:
–
Tivoli
Directory
Server
5.2
client
and
server,
plus
fixes
located
on
the
Tivoli
Provisioning
Manager
Generic
Fixes
CD
–
2000Windows
Microsoft
Active
Directory
v
2000AIX
DB2
Universal
Database
8.1,
Enterprise
Edition
—
if
using
Tivoli
Directory
Server
5.2.
As
noted
earlier,
the
LDAP
server
does
not
need
to
be
running
the
same
operating
environment
as
the
Tivoli
Provisioning
Manager
server.
Chapter
3.
Supported
topologies
19
Limitation
These
limitations
apply:
v
If
you
wish
to
use
the
AIX
5.2
operating
environment
for
your
Tivoli
Directory
Server
5.2
server,
you
must
use
also
install
DB2
Universal
Database
8.1,
Enterprise
Edition
on
the
Tivoli
Directory
Server
5.2
server
as
the
database
for
Tivoli
Directory
Server
5.2.
A
separate
CD
is
provided
for
installing
Tivoli
Directory
Server
and
DB2
Universal
Database
8.1,
Enterprise
Edition
in
this
situation.
This
CD
is
called
WebSphere
Application
Server
Version
5.1
AIX
Tivoli
Directory
Server
5.2.
The
part
number
on
the
CD
is:
C279KML.
Install
Tivoli
Directory
Server
and
DB2
Universal
Database
8.1,
Enterprise
Edition
according
to
the
instructions
provided
in
the
Tivoli
Directory
Server
documentation.
v
Tivoli
Directory
Server
5.2
does
not
support
Red
Hat
Enterprise
Linux
Advanced
Server
2.1.
Customers
using
Linux
on
Intel
as
their
operating
environment
for
the
Tivoli
Provisioning
Manager
server
must
install
Tivoli
Directory
Server
5.2
on
a
server
running
a
platform
other
than
Linux
on
Intel,
noting
the
AIX
5.2
restriction
above.
20
Tivoli
Provisioning
Manager
Installation
Guide
Chapter
4.
Installation
CDs
needed
by
topology
This
chapter
describes
the
specific
installation
CDs
you
will
need
when
you
install
the
prerequisite
software
and
the
Tivoli
Provisioning
Manager
application
software.
This
chapter
details
which
CDs
are
required
for
each
supported
topology.
v
“CDs
required
for
a
one-node
topology”
on
page
21
v
“CDs
required
for
a
two-node
topology
–
Remote
directory
server
configuration”
on
page
22
v
“CDs
required
for
a
two-node
topology
–
Remote
database
and
directory
server
configuration”
on
page
23
v
“CDs
required
for
a
three-node
topology”
on
page
24
For
more
information
on
the
supported
topologies,
see
Chapter
3,
“Supported
topologies,”
on
page
15.
CDs
required
for
a
one-node
topology
In
a
one-node
topology,
all
software
is
installed
onto
one
machine.
This
section
details
which
installation
CDs
you
will
need
to
install
Tivoli
Provisioning
Manager
in
this
configuration.
Windows
CD
name
Function
Tivoli
Provisioning
Manager
and
Tivoli
Intelligent
ThinkDynamic
Orchestrator
Version
2.1
Prerequisite
Software
Installer
Installs
the
prerequisite
software
required
for
the
application.
WebSphere
Application
Server
Version
5.1
Windows
2000
and
Windows
2003
Installs
the
WebSphere
Application
Server
and
the
client.
DB2
Universal
Database
Workgroup
Server
Unlimited
Edition
Version
8.1
for
Windows
operating
system
on
32-bit
systems
Installs
the
DB2
Universal
Database
server
and
the
client.Tivoli
Directory
Server
Tivoli
Provisioning
Manager
and
Tivoli
Intelligent
ThinkDynamic
Orchestrator
Version
2.1
Tivoli
Directory
Server
5.2
for
Windows
Installs
the
Tivoli
Directory
Server
and
the
client.
Tivoli
Provisioning
Manager
and
Tivoli
Intelligent
ThinkDynamic
Orchestrator
Version
2.1
DB2
V.8.1
Fixpack-3-WR21324
for
Windows
Installs
the
cumulative
fix
pack
3
for
DB2
Universal
Database
server.
Tivoli
Provisioning
Manager
and
Tivoli
Intelligent
ThinkDynamic
Orchestrator
Version
2.1
Generic
Fixes
Installs
the
Tivoli
Directory
Server
Fix,
WebSphere
Application
Server
5.1
Cumulative
Fix
3,
WebSphere
Embedded
Messaging
Interim
Fixes
for
WebSphere
Application
Server
5.1.
Tivoli
Provisioning
Manager
Version
2.1
Installs
the
Tivoli
Provisioning
Manager
application.
©
Copyright
IBM
Corp.
2003,
2004
21
CD
name
Function
Tivoli
Provisioning
Manager
and
Tivoli
Intelligent
ThinkDynamic
Orchestrator
Version
2.1
IBM
Tivoli
NetView
Server
for
Windows
Version
7.1.4
Installs
IBM
Tivoli
NetView
7.14.
This
is
an
optional
installation.
CDs
required
for
a
two-node
topology
–
Remote
directory
server
configuration
Tivoli
Provisioning
Manager
supports
two
two-node
topology
configurations.
In
the
Remote
directory
server
configuration,
only
the
directory
server
is
installed
on
a
separate
machine.
Machine
1
includes:
v
Tivoli
Provisioning
Manager
application
server.
v
WebSphere
Application
Server
v
Database
server
Machine
2
includes
only
the
LDAP
server.
This
section
details
which
installation
CDs
you
will
need
to
install
Tivoli
Provisioning
Manager
in
this
configuration.
Windows
Machine
1
CD
name
Function
Tivoli
Provisioning
Manager
and
Tivoli
Intelligent
ThinkDynamic
Orchestrator
Version
2.1
Prerequisite
Software
Installer
Installs
the
prerequisite
software
required
for
the
application.
WebSphere
Application
Server
Version
5.1
Windows
2000
and
Windows
2003
Installs
the
WebSphere
Application
Server
and
the
client.
DB2
Universal
Database
Workgroup
Server
Unlimited
Edition
Version
8.1
for
Windows
operating
system
on
32-bit
systems
Installs
the
DB2
Universal
Database
server.
Tivoli
Provisioning
Manager
and
Tivoli
Intelligent
ThinkDynamic
Orchestrator
Version
2.1
Tivoli
Directory
Server
5.2
for
Windows
Installs
the
Tivoli
Directory
Serverclient.
Tivoli
Provisioning
Manager
and
Tivoli
Intelligent
ThinkDynamic
Orchestrator
Version
2.1
Generic
Fixes
Installs
the
WebSphere
Application
Server
5.1
Cumulative
Fix
3,
WebSphere
Embedded
Messaging
Interim
Fixes
for
WebSphere
Application
Server
5.1.
Tivoli
Provisioning
Manager
and
Tivoli
Intelligent
ThinkDynamic
Orchestrator
Version
2.1
DB2
V.8.1
Fixpack-3-WR21324
for
Windows
Installs
the
cumulative
fix
pack
3
for
DB2
Universal
Database
server.
Tivoli
Provisioning
Manager
Version
2.1
Installs
the
Tivoli
Provisioning
Manager
application.
22
Tivoli
Provisioning
Manager
Installation
Guide
CD
name
Function
Tivoli
Provisioning
Manager
and
Tivoli
Intelligent
ThinkDynamic
Orchestrator
Version
2.1
IBM
Tivoli
NetView
Server
for
Windows
Version
7.1.4
Installs
IBM
Tivoli
NetView
7.14.
This
is
an
optional
installation.
Machine
2
CD
name
Function
Tivoli
Provisioning
Manager
and
Tivoli
Intelligent
ThinkDynamic
Orchestrator
Version
2.1
Prerequisite
Software
Installer
Installs
the
prerequisite
software
required
for
the
application.
Tivoli
Provisioning
Manager
and
Tivoli
Intelligent
ThinkDynamic
Orchestrator
Version
2.1
Tivoli
Directory
Server
5.2
for
Windows
Installs
Tivoli
Directory
Server
and
the
client.
Tivoli
Provisioning
Manager
and
Tivoli
Intelligent
ThinkDynamic
Orchestrator
Version
2.1
Generic
Fixes
Installs
the
Tivoli
Directory
Serverfix.
CDs
required
for
a
two-node
topology
–
Remote
database
and
directory
server
configuration
Tivoli
Provisioning
Manager
supports
two
two-node
topology
configurations.
In
the
remote
database
and
directory
server
configuration,
the
database
server
and
directory
server
are
installed
on
a
separate
machine.
Machine
1
includes:
v
Tivoli
Provisioning
Manager
application
server.
v
WebSphere
Application
Server
Machine
2
includes:
v
Database
server
v
LDAP
server
This
section
details
which
installation
CDs
you
will
need
to
install
Tivoli
Provisioning
Manager
in
this
configuration.
Windows
Machine
1
CD
name
Function
Tivoli
Provisioning
Manager
and
Tivoli
Intelligent
ThinkDynamic
Orchestrator
Version
2.1
Prerequisite
Software
Installer
Installs
the
prerequisite
software
required
for
the
application.
WebSphere
Application
Server
Version
5.1
Windows
2000
and
Windows
2003
Installs
the
WebSphere
Application
Server
and
the
client.
DB2
Administration
Client
Version
8.1
for
Windows
operating
systems
on
32
bit
systems
Installs
the
DB2
Universal
Database
Administration
client.
Chapter
4.
Installation
CDs
needed
by
topology
23
CD
name
Function
DB2
Version
8.1
for
Windows
FixPack
3
–
Administration
Client
Installs
the
fix
pack
for
the
DB2
Universal
Database
Administration
client.
Tivoli
Provisioning
Manager
and
Tivoli
Intelligent
ThinkDynamic
Orchestrator
Version
2.1
Tivoli
Directory
Server
5.2
for
Windows
Installs
the
Tivoli
Directory
Server
client.
Tivoli
Provisioning
Manager
and
Tivoli
Intelligent
ThinkDynamic
Orchestrator
Version
2.1
Generic
Fixes
Installs
the
WebSphere
Application
Server
5.1
Cumulative
Fix
3,
WebSphere
Embedded
Messaging
Interim
Fixes
for
WebSphere
Application
Server
5.1
Tivoli
Provisioning
Manager
Version
2.1
Installs
the
Tivoli
Provisioning
Manager
application.
Tivoli
Provisioning
Manager
and
Tivoli
Intelligent
ThinkDynamic
Orchestrator
Version
2.1
NetView
Server
for
Windows
Version
7.1.4
Installs
IBM
Tivoli
NetView
7.14.
This
is
an
optional
installation.
Machine
2
CD
name
Function
Tivoli
Provisioning
Manager
and
Tivoli
Intelligent
ThinkDynamic
Orchestrator
Version
2.1
Prerequisite
Software
Installer
Installs
the
prerequisite
software
required
for
the
application.
DB2
Universal
Database
Workgroup
Server
Unlimited
Edition
Version
8.1
for
Windows
operating
system
on
32-bit
systems
Installs
the
DB2
Universal
Database
server.
Tivoli
Provisioning
Manager
and
Tivoli
Intelligent
ThinkDynamic
Orchestrator
Version
2.1
DB2
V.8.1
Fixpack-3-WR21324
for
Windows
Installs
the
cumulative
fix
pack
3
for
DB2
Universal
Database
server.
Tivoli
Provisioning
Manager
and
Tivoli
Intelligent
ThinkDynamic
Orchestrator
Version
2.1
Tivoli
Directory
Server
5.2
for
Windows
Installs
the
Tivoli
Directory
Server
and
client.
Tivoli
Provisioning
Manager
and
Tivoli
Intelligent
ThinkDynamic
Orchestrator
Version
2.1
Generic
Fixes
Installs
the
Tivoli
Directory
Server
fix.
CDs
required
for
a
three-node
topology
In
a
three-node
topology,
Tivoli
Provisioning
Manager
is
installed
on
machine
1,
the
database
server
is
installed
on
machine
2,
and
the
LDAP
server
is
installed
on
machine
3.
This
section
details
which
installation
CDs
you
will
need
to
install
Tivoli
Provisioning
Manager
in
this
configuration.
24
Tivoli
Provisioning
Manager
Installation
Guide
Windows
Machine
1
CD
name
Function
Tivoli
Provisioning
Manager
and
Tivoli
Intelligent
ThinkDynamic
Orchestrator
Version
2.1
Prerequisite
Software
Installer
Installs
the
prerequisite
software
required
for
the
application.
WebSphere
Application
Server
Version
5.1
Windows
2000
and
Windows
2003
Installs
the
WebSphere
Application
Server
and
the
client.
DB2
Administration
Client
Version
8.1
for
Windows
operating
systems
on
32
bit
systems
Installs
the
DB2
Universal
Database
Administration
client.
DB2
Version
8.1
for
Windows
FixPack
3
–
Administration
Client
Installs
the
fix
pack
for
the
DB2
Universal
Database
Administration
client.
Tivoli
Provisioning
Manager
and
Tivoli
Intelligent
ThinkDynamic
Orchestrator
Version
2.1
Tivoli
Directory
Server
5.2
for
Windows
Installs
the
Tivoli
Directory
Server
client.
Tivoli
Provisioning
Manager
and
Tivoli
Intelligent
ThinkDynamic
Orchestrator
Version
2.1
Generic
Fixes
Installs
the
WebSphere
Application
Server
5.1
Cumulative
Fix
3,
WebSphere
Embedded
Messaging
Interim
Fixes
for
WebSphere
Application
Server
5.1
Tivoli
Provisioning
Manager
Version
2.1
Installs
the
Tivoli
Provisioning
Manager
application.
Tivoli
Provisioning
Manager
and
Tivoli
Intelligent
ThinkDynamic
Orchestrator
Version
2.1
NetView
Server
for
Windows
Version
7.1.4
Installs
IBM
Tivoli
NetView
7.14.
This
is
an
optional
installation.
Machine
2
CD
name
Function
Tivoli
Provisioning
Manager
and
Tivoli
Intelligent
ThinkDynamic
Orchestrator
Version
2.1
Prerequisite
Software
Installer
Installs
the
prerequisite
software
required
for
the
application.
DB2
Universal
Database
Workgroup
Server
Unlimited
Edition
Version
8.1
for
Windows
operating
system
on
32-bit
systems
Installs
the
DB2
Universal
Database
server.
Tivoli
Provisioning
Manager
and
Tivoli
Intelligent
ThinkDynamic
Orchestrator
Version
2.1
DB2
V.8.1
Fixpack-3-WR21324
for
Windows
Installs
the
cumulative
fix
pack
3
for
DB2
Universal
Database
server.
Machine
3
CD
name
Function
Tivoli
Provisioning
Manager
and
Tivoli
Intelligent
ThinkDynamic
Orchestrator
Version
2.1
Prerequisite
Software
Installer
Installs
the
prerequisite
software
required
for
the
application.
Chapter
4.
Installation
CDs
needed
by
topology
25
CD
name
Function
Tivoli
Provisioning
Manager
and
Tivoli
Intelligent
ThinkDynamic
Orchestrator
Version
2.1
Tivoli
Directory
Server
5.2
for
Windows
Installs
Tivoli
Directory
Server
and
the
client.
Tivoli
Provisioning
Manager
and
Tivoli
Intelligent
ThinkDynamic
Orchestrator
Version
2.1
Generic
Fixes
Installs
the
Tivoli
Directory
Server
fix.
The
next
step
Once
you
have
gathered
the
required
CDs,
you
are
ready
to
install
and
configure
the
prerequisites.
Proceed
to
Part
3,
“Installing
and
configuring
the
prerequisites,”
on
page
27.
26
Tivoli
Provisioning
Manager
Installation
Guide
Part
3.
Installing
and
configuring
the
prerequisites
This
section
contains
information
on
installing
and
configuring
the
prerequisite
software
for
Tivoli
Intelligent
ThinkDynamic
Orchestrator
and
Tivoli
Provisioning
Manager.
This
section
contains
the
following
chapters:
v
Chapter
5,
“Installing
and
configuring
the
system
prerequisites,”
on
page
29
v
Chapter
6,
“Installing
the
software
prerequisites
using
the
prerequisite
software
installer,”
on
page
33
v
Chapter
7,
“Installing
the
software
prerequisites
using
the
silent
installer,”
on
page
39
v
Chapter
9,
“Configuring
Tivoli
Directory
Server,”
on
page
51
v
Chapter
10,
“Installing
and
configuring
Microsoft
Active
Directory,”
on
page
55
©
Copyright
IBM
Corp.
2003,
2004
27
28
Tivoli
Provisioning
Manager
Installation
Guide
Chapter
5.
Installing
and
configuring
the
system
prerequisites
This
chapter
provides
details
about
the
prerequisite
user
ID
and
utilities
which
you
must
install
and
configure
on
the
Tivoli
Provisioning
Manager
server
before
you
install
Tivoli
Provisioning
Manager.
This
chapter
documents
the
following
tasks:
v
“Installing
and
configuring
Cygwin”
v
“Installing
and
configuring
SNMP
Service”
on
page
30
Installing
and
configuring
Cygwin
Cygwin
Version
1.5.9–1
or
higher
must
be
installed.
For
information
on
obtaining
and
installing
Cygwin,
refer
to
the
following
Web
site:
http://www.cygwin.com.
To
install
Cygwin:
1.
Log
on
to
the
Windows
server
using
a
user
account
with
administrator
privileges.
2.
During
the
Cygwin
installation,
on
the
Select
Package
panel,
select
the
following
packages:
Note:
The
location
of
specific
packages
may
vary
depending
on
the
version
of
Cygwin
you
are
installing.
Table
1.
Cygwin
packages
Category
Package
Admin
cron,
cygrunsrv,
shutdown
Archive
sharutils,
unzip,
zip
Base
all
packages
Database
accept
default
packages
Devel
cvs
Doc
cygwin-doc
Editors
ed,
vim
Games
accept
default
packages
Graphics
none
Interpreters
Expect,
gawk
Libs
accept
default
packages
accept
default
packages
Math
accept
default
packages
Misc
accept
default
packages
Net
inetutils,
openssh,
whois
Publishing
accept
default
packages
Shells
accept
default
packages
(ensure
ash,
bash,
and
sh-utils
are
selected)
System
accept
default
packages
©
Copyright
IBM
Corp.
2003,
2004
29
Table
1.
Cygwin
packages
(continued)
Text
more
Utils
clear,
cygutils,
time,
file
Web
accept
default
packages
+XFree86
accept
default
packages
+_PostInstallLast
accept
default
packages
Note:
OpenSSH
is
now
installed.
Configuring
of
SSH
should
be
done
after
installing
Tivoli
Provisioning
Manager.
Installing
and
configuring
SNMP
Service
Tivoli
NetView
7.14
is
an
optional
part
of
the
Tivoli
Provisioning
Manager
installation.
If
you
plan
to
select
to
install
Tivoli
NetView,
you
must
install
the
Windows
SNMP
service.
When
you
install
the
SNMP
service,
you
will
need
your
Windows
2000
or
Windows
2003
CD.
If
the
SNMP
service
is
not
installed,
Tivoli
NetView
cannot
be
installed
successfully
during
the
Tivoli
Provisioning
Manager
installation.
If
you
already
have
the
SNMP
service
installed,
you
do
not
need
to
perform
this
step.
Note:
The
steps
provided
here
are
only
guidelines.
For
more
information
refer
the
Microsoft
documentation.
Installing
SNMP
service
on
Windows
2000
and
Windows
2003
Installing
SNMP
service
1.
Logon
as
Administrator.
2.
Open
the
Windows
Components
wizard.
3.
In
Components,
click
Management
and
Monitoring
Tools
(but
do
not
select
or
clear
its
check
box),
and
then
click
Details.
4.
Click
on
Next
and
let
the
install
process
complete.
5.
Select
the
appropriate
terminal
service
mode
based
on
your
local
configuration
in
the
Terminal
Service
Setup
window,
then
click
Next.
6.
If
you
do
not
have
the
Windows
2000
or
the
Windows
2003
CD
in
the
CD-ROM
drive,
a
prompt
asks
you
to
insert
the
Windows
2000
or
Windows
2003
CD.
Insert
the
Windows
2000
or
Windows
2003
CD
into
the
CD-ROM
drive.
On
the
Windows
Components
Wizard
panel,
click
Finish.
7.
Reboot
your
machine
for
these
changes
to
take
effect.
Configuring
SNMP
Service
on
Windows
2003
To
configure
the
SNMP
service
on
Windows
2003:
1.
Logon
as
Administrator.
2.
Click
Start->Control
Panel->Administrative
Tools->Computer
Management->Services.
3.
In
the
right
panel,
double-click
SNMP
Service.
4.
Click
the
Security
tab.
5.
Click
Add
under
the
Accepted
Community
Names
section.
6.
Enter
public
in
the
Community
Names
field,
and
select
READ
ONLY
in
the
Community
Rights
field.
7.
Click
Add.
30
Tivoli
Provisioning
Manager
Installation
Guide
8.
Select
Accept
SNMP
packets
from
any
host,
then
click
OK
to
exit
the
SNMP
Service
Properties
panel.
9.
In
the
services
screen,
right
click
SNMP
Service,
and
select
Restart
to
restart
the
SNMP
Service.
10.
Reboot
your
machine
for
these
changes
to
take
effect.
Configuring
SNMP
Service
on
Windows
2000
To
configure
the
SNMP
service
on
Windows
2000:
1.
Logon
as
Administrator.
2.
Click
Start->Control
Panel->Administrative
Tools->Computer
Management->Services.
3.
In
the
right
panel,
double-click
SNMP
Service.
4.
On
the
Agent
tab,
type
the
user
name
of
the
server
in
the
Contact
box,
and
then
type
the
physical
location
of
the
computer
in
the
Location
box.
5.
Check
all
of
the
boxes
that
indicate
network
capabilities
that
are
provided
by
your
computer.
After
you
complete
these
steps,
click
the
Traps
tab
to
continue
to
the
next
task.
6.
To
create
a
community,
type
the
case-sensitive
community
name
in
the
Community
name
box,
and
then
click
Add
to
list.
Repeat
this
step
if
you
want
to
create
additional
community
names.
7.
In
SNMP
Service
Properties,
click
Add
on
the
Traps
tab.
In
the
Host
name,
IP
or
IPX
address
box,
type
information
for
the
host,
and
then
click
Add
to
list.
8.
Click
Add,
type
the
host
name,
IP
address,
or
IPX
address
in
the
appropriate
box
under
SNMP
Service
Configuration,
and
then
click
Add.
The
host
name
or
address
appears
in
the
Trap
destinations
list.
Repeat
this
step
until
you
have
added
all
of
the
hosts
that
you
want
to
add.
Repeat
the
required
steps
until
you
configure
all
the
SNMP
communities
you
want,
and
then
click
the
Security
tab
to
continue
to
the
next
task.
9.
In
SNMP
Service
Properties,
on
the
Security
tab,
click
Send
authentication
trap
if
you
want
a
trap
message
sent
whenever
authentication
fails.
10.
Under
Accepted
community
names,
click
Add.
11.
Under
Community
Rights,
click
a
permission
level
for
this
host
to
process
SNMP
requests
from
the
selected
community.
To
view
a
description
of
a
dialog
box
item,
right-click
the
item,
and
then
click
What’s
This?.
12.
In
the
Community
Name
box,
type
a
case-sensitive
community
name,
and
then
click
Add.
13.
Under
SNMP
Service
Properties,
specify
whether
or
not
to
accept
SNMP
packets
from
a
host:
v
To
accept
SNMP
requests
from
any
host
on
the
network,
regardless
of
identity,
click
Accept
SNMP
packets
from
any
host.
v
To
limit
acceptance
of
SNMP
packets,
click
Accept
SNMP
packets
from
these
hosts,
click
Add,
type
the
appropriate
host
name,
IP
or
IPX
address,
and
then
click
Add
again.
Checking
the
SNMP
community
name
After
you
have
installed
SNMP
or
anytime
you
apply
a
service
pack
or
fix
pack
to
Windows,
you
should
check
the
SNMP
community
name.
To
check
for
the
SNMP
community
name,
follow
these
steps:
Chapter
5.
Installing
and
configuring
the
system
prerequisites
31
1.
From
the
task
bar,
click
Start
->
Settings->
Control
Panel->
Administrative
Tools->
Services
2.
Find
SNMP
Service
in
the
services
list.
3.
Right-click
on
SNMP
Service.
4.
Click
on
Properties.
The
SNMP
Service
Properties
panel
is
displayed.
5.
On
the
Security
tab,
make
sure
that
the
Community
name
is
public
with
READ
ONLY
rights.
The
next
step
After
you
have
completed
the
steps
in
this
chapter,
install
the
prerequisite
software.
v
Proceed
to
Chapter
6,
“Installing
the
software
prerequisites
using
the
prerequisite
software
installer,”
on
page
33
to
install
the
prerequisite
software
using
the
installation
wizard.
v
If
you
are
an
advanced
user,
you
can
install
the
prerequisite
software
using
the
silent
installation
method
described
in
Chapter
7,
“Installing
the
software
prerequisites
using
the
silent
installer,”
on
page
39.
32
Tivoli
Provisioning
Manager
Installation
Guide
Chapter
6.
Installing
the
software
prerequisites
using
the
prerequisite
software
installer
This
chapter
describes
how
to
install
the
prerequisite
software
before
you
install
Tivoli
Provisioning
Manager
on
Windows.
Before
you
begin
You
must
meet
the
requirements
in
this
section
before
you
complete
the
steps
in
this
chapter.
v
Ensure
that
you
have
completed
the
steps
in
Chapter
5,
“Installing
and
configuring
the
system
prerequisites,”
on
page
29.
v
Ensure
that
each
machine
in
the
topology
meets
the
hardware
requirements
specified
for
the
installation
of
each
software
product
as
outlined
in
the
documentation
for
each
product.
v
Collect
the
CDs
you
will
need
to
install
the
software
prerequisites:
–
For
a
one-node
topology
installation,
refer
to
page
21.
–
For
a
two-node
topology
installation
–
remote
directory
server
configuration,
refer
to
page
22.
–
For
a
two-node
topology
installation
–
remote
database
and
directory
server
configuration,
refer
to
page
23.
–
For
a
three-node
topology
installation,
refer
to
page
25.
For
details
about
the
supported
topologies
for
Tivoli
Provisioning
Manager,
refer
to
Chapter
2,
“Supported
hardware
and
software,”
on
page
11
and
Chapter
3,
“Supported
topologies,”
on
page
15.
Note:
Do
not
install
WebSphere
Application
Server
and
DB2
Universal
Database
using
the
prerequisite
software
installer
through
remote
desktop
connections
or
network
mapping
simultaneously.
About
the
prerequisite
software
installer
The
prerequisite
software
installer
(here
on
referred
to
as
the
install
wizard)
provides
a
method
for
installing
IBM
middleware
and
its
related
components.
It
is
based
on
ISMP
and
will
install
the
applications
with
minimal
user
input.
The
prerequisite
software
installer
also
configures
the
following
information
about
WebSphere
Application
Server,
DB2
Universal
Database
and
Tivoli
Directory
Server:
v
Name
v
Location
Note:
Installation
on
a
drive
other
than
C:\
is
supported.
You
can
use
a
command
line
option,
to
overwrite
the
default
installation
directory,
for
each
of
the
components
separately.
When
starting
the
install
wizard,
the
following
options
can
now
be
specified:
–
DB2
Universal
Database:
D:\IBM\SQLLIB
–
Directory
Server:
D:\IBM\ldap
–
WebSphere
Application
Server:
D:\IBM\WebSphere\AppServer
v
Version
©
Copyright
IBM
Corp.
2003,
2004
33
v
Ports
v
Node
The
install
wizard
must
be
run
locally
on
each
machine
upon
which
you
will
install
one
or
more
of
the
prerequisite
software
packages.
For
example,
if
you
want
to
run
Tivoli
Intelligent
ThinkDynamic
Orchestrator
in
a
two-node
configuration,
with
Tivoli
Provisioning
Manager,
WebSphere
Application
Server,
and
DB2
Universal
Database
on
one
machine,
and
Tivoli
Directory
Server
and
on
a
second
machine,
you
must:
1.
Run
the
installer
once
on
the
Tivoli
Provisioning
Manager
machine
to
install
WebSphere
Application
Server
and
DB2
Universal
Database.
2.
Run
the
installer
on
the
remote
directory
server
machine
to
install
the
Tivoli
Directory
Server.
Note:
If
you
already
have
one
of
the
software
prerequisites
installed,
(for
example,
DB2
Universal
Database,
Tivoli
Directory
Server
or
WebSphere
Application
Server),
and
will
be
using
that
software
product
for
Tivoli
Provisioning
ManagerTivoli
Intelligent
ThinkDynamic
Orchestrator,
ensure
that
it
does
not
have
a
space
in
the
installation
directory.
Installing
the
prerequisite
software
To
install
the
prerequisite
software:
1.
Log
on
as
Administrator.
If
you
are
on
a
Windows
2003
system,
run
the
following
command
before
starting
the
install
wizard:
change
user
/install
Note:
In
Windows
2003,
InstallShield
sometimes
writes
to
the
directory
C:\Documents
and
Setting\Administrator\Windows\vpd.properties
and
sometimes
to
C:\Windows\vpd.properties.
This
causes
problems
for
the
installer
if
it
reads
from
the
wrong
vpd.properties
to
determine
if
all
the
prerequisite
software
are
installed
on
the
system.
To
correct
this
issue,
if
you
are
on
a
Windows
2003
system,
run
the
command
before
starting
the
prerequisite
software
installer
above,
which
will
change
windows
to
installation
mode
and
forces
reading
or
writing
to
C:\Windows\vpd.properties.
2.
Insert
the
Tivoli
Provisioning
Manager
and
Tivoli
Intelligent
ThinkDynamic
Orchestrator
Version
2.1
Prerequisite
Software
Installer
CD
into
the
CD
drive.
3.
Start
the
installer
using
the
command:
setupwin32.exe.
4.
A
language
selection
panel
for
the
wizard
appears.
Select
the
language
in
which
you
want
the
installation
panels
to
display.
Support
for
this
language
will
also
be
installed
for
the
prerequisite
software
products
chosen.
To
install
additional
languages,
use
the
language
pack
install
process
provide
by
each
of
the
individual
prerequisite
software
products.
Click
OK.
The
installer
program
verifies
that
the
system
prerequisites
have
been
met.
5.
Read
the
information
on
the
Prerequisite
software
installer
panel
and
click
Next.
6.
On
the
next
panel,
specify
a
directory
into
which
you
will
copy
the
Tivoli
Software
Installer
application,
and
then
click
Next.
Note:
The
prerequisite
software
installer
is
not
on
the
same
CD
as
the
products
it
will
install.
To
free
up
the
CD
drive
for
other
CDs,
the
34
Tivoli
Provisioning
Manager
Installation
Guide
prerequisite
software
installer
will
copy
itself
to
the
machine
hard
drive
and
restart
itself.
At
this
time
the
installer
screen
may
not
be
visible.
7.
The
language
selection
panel
for
the
wizard
appears
again.
Click
OK.
8.
On
the
next
panel,
select
which
products
to
install
on
this
machine.
Refer
to
Chapter
3,
“Supported
topologies,”
on
page
15
for
more
information.
Choose
from
these
options:
v
DB2
Universal
Database
8.1:
This
option
will
install
either
the
DB2
server
or
client.
Choose
this
option
if
you
want
to
install
only
the
database
client
or
the
server.
v
Tivoli
Directory
Server
5.2
with
DB2
8.1:
This
option
will
install
the
LDAP
server
and
client
and
DB2
Workgroup
Server
Unlimited
Edition.
Select
this
option
if
you
want
to
use
Tivoli
Directory
Server
5.2
as
your
LDAP
server
and
if
the
following
conditions
apply:
–
You
want
to
install
only
the
LDAP
client
and
not
the
server.
–
You
want
to
install
your
LDAP
server
on
the
same
machine
as
Tivoli
Provisioning
Manager.
–
You
want
to
install
your
LDAP
server
on
a
dedicated
machine.
–
You
want
to
install
the
LDAP
and
database
server
on
the
same
machine.
Note:
In
a
single
system
topology,
if
you
are
manually
installing
IBM
Directory
server,
do
not
choose
to
install
the
WebSphere
Application
Server
Express
component.
This
is
due
to
some
ports
which
may
conflict
with
WebSphere
Application
Server.
If
you
install
Tivoli
Directory
Server
using
the
prerequisite
software
installer,
you
will
not
encounter
this
problem.If
you
want
to
use
Microsoft
Active
Directory
as
your
LDAP
server,
do
not
select
this
option.
v
WebSphere
Application
Server
5.1:
This
option
will
install
WebSphere
Application
Server
.
9.
When
you
have
made
your
selection,
click
Next.
Note:
While
the
prerequisite
software
is
being
installed,
the
progress
bar
will
only
be
updated
after
each
software
product
has
been
installed.
10.
If
you
selected
to
install
DB2
Universal
Database,
the
next
panel
allows
you
to
specify
whether
to
install
the
client
or
server.
Choose
from
these
options:
v
DB2
Workgroup
Server
with
Fixpack
3:
This
will
install
the
DB2
Universal
Database,
Workgroup
Server
Unlimited
Edition,
Version
8.1
database
server
and
the
Fixpack.
v
DB2
Administrator
Client
with
Fixpack
3:
This
will
install
the
DB2
Administrator
client
and
the
fixpack.
Select
this
option
if
you
will
be
creating,
or
have
already
created,
a
remote
database
server
and
you
are
running
the
installer
on
your
Tivoli
Provisioning
Manager
machine.
The
DB2
client
instance
will
be
created
for
you.11.
If
you
selected
to
install
Tivoli
Directory
Server
5.2
with
DB2
8.1,
the
next
panel
allows
you
to
specify
whether
to
install
the
client
or
server
for
both
Tivoli
Directory
Server
and
DB2.
Choose
from
these
options:
DB2
Universal
Database
v
DB2
Workgroup
Server
with
Fixpack
3.
This
the
same
as
option
as
in
the
previous
step.
v
DB2
Administrator
Client
with
Fixpack
3.
This
the
same
as
option
as
in
the
previous
step.
Chapter
6.
Installing
the
software
prerequisites
using
the
prerequisite
software
installer
35
Tivoli
Directory
Server
5.2
with
DB2
8.1
v
server
and
client.
Choose
this
option
if
the
following
conditions
apply:
–
You
want
to
install
your
LDAP
server
on
the
same
machine
as
Tivoli
Provisioning
Manager.
–
You
want
to
install
your
LDAP
server
on
a
dedicated
machine.v
client
only.
Select
this
option
if
you
will
be
creating,
or
have
already
created,
a
remote
directory
server
and
you
are
running
the
installer
on
your
Tivoli
Provisioning
Manager
machine.12.
On
the
next
panel,
you
are
prompted
to
enter
information
which
will
be
used
to
configure
the
database
and
create
your
database
instance.
Complete
the
fields
as
follows:
Database
user
name
You
may
change
the
default
user
name
of
db2inst1
but
do
not
leave
this
field
blank.
Password
Enter
the
password
for
the
database
user
name.
Confirm
password
Enter
the
password
again.13.
The
next
screen
confirms
the
installation
options
you
have
selected,
including
installation
directories,
port
numbers,
user
names,
and
so
on.
Record
this
information;
some
of
the
information
will
be
needed
during
the
Tivoli
Provisioning
Manager
installation.
The
installation
options
are
also
saved
in
c:\Program
Files\IBM\pics\mwInfo.html
.
Click
Install.
14.
You
are
prompted
to
enter
or
browse
to
the
paths
where
the
installation
code
for
the
software
you
have
selected.
If
you
will
be
installing
the
software
selections
from
the
local
CD
drive,
insert
the
first
CD
and
specify
the
appropriate
drive
location.
If
you
have
copied
the
software
CD
images
to
a
local
or
network
drive,
enter
the
path
to
the
location
of
the
images.
Depending
on
the
software
you
have
selected
to
install,
you
will
be
prompted
for
installation
images
in
the
order
given
below.
Click
Next
after
you
have
selected
your
option.
a.
DB2
Universal
Database,
Workgroup
Server
Unlimited
Edition,
Version
8.1
b.
DB2
Universal
Database
Version
8.1
Fix
Pack
3.
Note:
Ensure
you
choose
the
correct
CD
when
installing
the
fix
pack
for
the
DB2
client.
This
will
apply
only
if
you
have
a
remote
database
server.
The
name
of
the
CD
for
the
DB2
V
8.1
for
the
Administration
Client
is
DB2
V8.1
for
Windows
FixPak
3
-
Administration
Client
c.
Tivoli
Directory
Server
Version
5.2
d.
WebSphere
Application
Server
5.1
Notes:
a.
Do
not
drill
down
to
the
location
of
the
actual
installation
executable.
Select
the
top-level
directory
of
the
software
location.
b.
When
prompted
for
the
location
of
the
DB2
install
image,
if
you
are
using
Oracle
as
your
database
server
and
you
do
not
want
to
install
the
DB2
client
or
the
DB2
server,
,
click
Cancel.
This
will
cancel
install
wizard
out
of
installing
DB2.
c.
The
DB2
Universal
Database
,
Tivoli
Directory
Server
and
WebSphere
Application
Server
CDs
have
autorun
enabled.
Close
the
install
panels
for
these
applications
when
they
are
displayed.
36
Tivoli
Provisioning
Manager
Installation
Guide
15.
Click
Finish.
You
have
now
installed
the
prerequisite
software
required
for
Tivoli
Provisioning
Manager.
Next,
you
must
apply
the
license
for
the
DB2
software.
To
add
a
license
using
the
command
line
:
1.
Log
in
as
administrator.
2.
Insert
the
DB2
CD
into
the
CD
drive.
3.
Go
to
the
install_directory\bin
where
install_directory
represents
the
directory
where
you
installed
the
product.
4.
Issue
the
following
command
and
replace
the
variable
x
with
the
name
of
the
CD
drive.
License
files
are
contained
in
the
db2\license
directory
of
the
installation
CD.
For
more
information
about
the
db2licm
command,
refer
to
the
Command
Reference
in
the
DB2
documentation.
db2licm
x:\db2\license\db2wsue.lic
Adding
a
license
using
the
License
Center
a.
Launch
the
Control
Center.
b.
Select
License
Center
from
the
Tools
menu
list.
c.
Refer
to
the
online
help
for
the
License
Center
available
from
the
Control
Center.
You
should
receive
a
message
similar
to
the
following:
DBI1402I
License
added
successfully.
DBI1426I
This
product
is
now
licensed
for
use
as
specified
in
the
License
Acceptance
and
License
Information
documents
pertaining
to
the
licensed
copy
of
this
product.
This
completes
the
installation
of
the
prerequisite
software
that
you
have
chosen.
If
you
have
encountered
any
problems
during
installation,
refer
to
Appendix
E,
“Installation
log
files,”
on
page
121.
Starting
the
software
services
By
default
the
system
services
for
the
software
you
have
installed
are
set
to
Manual.
These
services
should
be
set
to
start
automatically.
To
start
the
software
services
:
1.
Click
Start->
Control
Panel->
Administrative
Tools->
Services.
2.
For
the
database
server,
in
the
list
of
services,
right-click
on
DB2
Universal
Database
and
then
click
Start.
To
set
it
to
automatic,
right
click
on
the
services
and
click
Properties.
Change
the
Startup
Type
option
to
Automatic.
3.
For
the
directory
server,
right-click
on
IBM
Directory
Server
or
Microsoft
Active
Directory
and
then
click
Start.
To
set
it
to
automatic,
right
click
on
the
services
and
click
Properties.
Change
the
Startup
Type
option
to
Automatic.
Notes:
1.
Tivoli
Directory
Server
takes
longer
than
expected
to
start,
so
you
may
see
a
notification
message
informing
you
that
the
service
has
not
started.
However,
if
you
review
the
list
of
system
services,
the
Tivoli
Directory
Server
service
should
have
started.
2.
In
the
list
of
services
you
will
see
two
database
services:
one
database
service
is
for
the
Tivoli
Provisioning
Manager
database
instance
and
the
second
service
is
for
the
LDAP
database
instance.
The
Tivoli
Provisioning
Manager
database
Chapter
6.
Installing
the
software
prerequisites
using
the
prerequisite
software
installer
37
service
is
owned
by
the
user
ID
you
specified
in
step
12
on
page
36.
The
owner
of
the
database
instance
for
the
LDAP
directory
is
owned
by
a
local
system
user
ID
with
administrator
privileges.
The
next
step
Verify
the
location
of
your
Java
directory
and
then
check
the
value
of
the
$JAVA_HOME
environment
variable.
It
might
be
different
from
the
path
that
was
configured
for
your
WebSphere
Application
Server
5.1
installation.
The
path
must
point
to
the
jdk
installed
with
WebSphere
Application
Server.
This
variable
must
be
configured
correctly
to
apply
the
mandatory
WebSphere
Application
Server
fixes.
After
you
have
installed
the
prerequisite
software,
you
must
install
the
required
patches
for
the
software
you
installed.
Proceed
to
Chapter
8,
“Applying
mandatory
patches
to
Tivoli
Directory
Server
and
the
WebSphere
Application
Server,”
on
page
49.
38
Tivoli
Provisioning
Manager
Installation
Guide
Chapter
7.
Installing
the
software
prerequisites
using
the
silent
installer
This
chapter
describes
how
to
install
the
prerequisite
software
using
the
silent
installation
method.
The
silent
installer
is
a
useful
tool
when
you
want
to
repeatedly
install
the
same
configuration
on
multiple
machines.
With
this
method,
you
create
a
template
response
file
which
contains
all
your
selected
installation
options.
You
can
then
use
this
template
file
any
time
you
wish
to
install
those
options.
Before
you
begin
Ensure
you
meet
these
requirements
before
you
complete
the
procedures
in
this
chapter.
v
Ensure
that
you
have
completed
the
steps
in
Chapter
5,
“Installing
and
configuring
the
system
prerequisites,”
on
page
29.
v
Ensure
that
each
machine
in
the
topology
meets
the
hardware
requirements
specified
for
the
installation
of
each
software
product
as
outlined
in
the
documentation
for
each
product.
v
Determine
which
CDs
you
will
need
to
install
the
software
prerequisites:
–
For
a
one-node
topology
installation,
see
page
21.
–
For
a
two-node
topology
installation
–
remote
directory
server
configuration,
see
page
22.
–
For
a
two-node
topology
installation
–
remote
database
and
directory
server
configuration,
see
page
23.
–
For
a
three-node
topology
installation,
see
page
25.
For
details
about
the
supported
topologies
for
Tivoli
Provisioning
Manager,
see
Chapter
2,
“Supported
hardware
and
software,”
on
page
11
and
Chapter
3,
“Supported
topologies,”
on
page
15.
About
silent
installation
A
typical
(non-silent)
installation
receives
the
necessary
input
from
the
user
in
the
form
of
responses
to
dialog
boxes.
However,
a
silent
installation
does
not
prompt
the
user
for
input
and
must
get
its
user
input
from
a
different
source.
That
source
is
a
response
file.
A
response
file
contains
information
similar
to
what
an
end
user
would
enter
as
responses
in
dialog
boxes
when
running
a
normal
setup.
It
is
a
plain
text
file
consisting
of
sections
containing
data
entries.
Each
section
in
the
response
file
is
delineated
by
the
characters
###.
InstallShield
reads
the
necessary
input
from
the
response
file
at
run
time
while
performing
a
silent
installation.
The
install
wizard
must
be
run
locally
on
each
machine
upon
which
you
will
install
one
or
more
of
the
prerequisite
software
packages.
For
example,
if
you
want
to
run
Tivoli
Intelligent
ThinkDynamic
Orchestrator
in
a
two-node
configuration,
with
Tivoli
Provisioning
Manager,
WebSphere
Application
Server,
and
DB2
Universal
Database
on
one
machine,
and
Tivoli
Directory
Server
on
a
second
machine,
you
must:
©
Copyright
IBM
Corp.
2003,
2004
39
1.
Run
the
installer
once
on
the
Tivoli
Provisioning
Manager
machine
to
install
WebSphere
Application
Server
and
DB2
Universal
Database.
2.
Run
the
installer
on
the
remote
directory
server
machine
to
install
Tivoli
Directory
Server
.
Note:
If
you
already
have
one
of
the
software
prerequisites
installed,
(for
example,
DB2
Universal
Database,
Tivoli
Directory
Server
or
WebSphere
Application
Server),
and
will
be
using
that
software
product
for
Tivoli
Provisioning
ManagerTivoli
Intelligent
ThinkDynamic
Orchestrator,
ensure
that
it
does
not
have
a
space
in
the
installation
directory.
Installation
on
a
drive
other
than
C:\
is
supported.
Guidelines
for
silent
installation
Follow
these
guidelines
for
a
successful
silent
installation:
v
Do
not
create
an
original
response
file
if
installing
the
product
using
the
option,
“Installing
using
the
response
file
template”
on
page
41.
Use
the
templates
provided
on
the
CD.
v
Save
a
copy
of
the
response
file
before
making
any
edits.
v
Copy
all
the
install
images
to
a
disk.
The
information
will
be
required
for
the
response
file.
v
Do
not
modify
parameters,
except
to
edit
their
values.
v
Do
not
remove
a
parameter,
even
if
it
does
not
have
a
value.
v
Do
not
add
a
parameter.
v
Do
not
change
the
order
in
which
parameters
appear.
v
Use
these
guidelines
when
editing
the
values:
–
Note
the
original
type
and
format
and
maintain
them
as
you
enter
the
new
value.
For
example:
If
the
old
value
starts
with
a
leading
slash,
make
sure
that
the
new
value
starts
with
a
leading
slash.
–
Replace
any
value
that
you
delete.
If
the
parameter
is
required,
installation
or
configuration
could
fail.
–
Retain
the
case
of
the
original
value.
Limitations
of
installing
from
a
response
file
The
command
line
installation
method
has
the
following
limitations:
v
You
cannot
install
using
multiple
installation
CDs.
You
must
copy
all
installation
media
to
your
hard
drive
or
other
file
system.
This
includes
all
the
prerequisite
software
media.
The
installation
program
does
not
prompt
for
media
when
running
silently.
To
resolve
this
issue:
1.
Create
an
installation
directory
for
each
prerequisite
software,
depending
on
your
topology.
For
example:
\WAS_install_dir
for
the
WebSphere
Application
Server
installation
files
2.
Create
a
subdirectory
for
each
of
the
installation
CDs.
For
example:
\WAS_install_dir\tiodisk1
for
CD1.
Repeat
the
same
for
all
the
CDs
that
are
required
according
to
your
topology.
3.
Place
each
CD
in
the
CD-ROM
drive,
and
copy
the
images
from
each
CD
to
its
own
subdirectory
of
the
installation
directory.
40
Tivoli
Provisioning
Manager
Installation
Guide
Note:
The
name
you
choose
for
the
installation
directory
must
be
specified
in
the
response
file
template.
Installing
using
the
response
file
template
To
install
the
prerequisites
for
Tivoli
Provisioning
Manager,
using
the
response
file
template
provided
on
the
Prerequisite
Software
Installer
CD:
1.
Log
on
as
Administrator.
If
you
are
on
a
Windows
2003
system,
run
the
following
command
before
starting
the
install
wizard:
change
user
/install
2.
Locate
the
response
file
template
located
in
the
directory.
located
in
the
directory.
located
in
the
directory.
install_templ_Win32.req
located
in
the
tools\install_templates
directory.
This
can
be
found
in
the
directory
on
the
server
where
the
contents
of
Tivoli
Provisioning
Manager
and
Tivoli
Intelligent
ThinkDynamic
Orchestrator
Version
2.1
Prerequisite
Software
Installer
CD
was
copied.
3.
Rename
and
save
a
copy
of
the
original
template.
Use
this
as
your
working
copy.
4.
Open
the
working
copy
in
an
editor
and
change
the
parameter
values
in
the
file
as
appropriate
for
your
choice
of
products
and
configuration.
Refer
to
the
section
“Specifying
response
file
values”
for
the
values
for
each
variable.
5.
After
editing
the
response
file,
start
the
installation
by
running
the
following
command
in
a
DOS
command
prompt.
Replace
the
variable
file_name
with
the
file
name
with
which
you
have
saved
the
original
template.
start
/W
setupwin32.exe
-options
file_name
-silent
Note:
You
must
prefix
the
command
with
start
/W
otherwise
the
installer
will
not
complete
properly.
6.
The
installer
begins
to
install
all
the
options
that
were
selected
in
the
response
file.
This
will
take
a
few
minutes.
When
the
command
prompt
appears
again,
the
prerequisite
software
that
you
chose
has
been
installed
successfully.
7.
Reboot
the
server
after
the
installation.
Refer
to
Appendix
E,
“Installation
log
files,”
on
page
121
for
information
about
the
silent
installation
log
files.
Specifying
response
file
values
To
edit
the
response
file
template
options:
1.
Locate
the
lines
with
the
leading
###
characters.
2.
Specify
a
value
for
a
setting
by
replacing
the
<value>
variable
with
the
proper
values.
Refer
the
table
below
for
description
on
each
of
the
variables.
3.
Remove
the
leading
###
characters
from
the
beginning
of
the
lines.
4.
Save
the
changes
to
the
file.
Table
2.
DB2
options
in
the
response
file
User
Input
Field
Description
-W
ActivateChoicePanel.active="False"
Do
Not
Modify.
Chapter
7.
Installing
the
software
prerequisites
using
the
silent
installer
41
Table
2.
DB2
options
in
the
response
file
(continued)
User
Input
Field
Description
-W
DB2ProductRequirements.install="value"
Set
to
true
to
install
DB2.
Set
to
false
if
you
do
not
want
to
install
DB2
on
this
machine.
The
remaining
DB2
flags
will
be
ignored.
-W
DB2Requirements.location="PRODUCT"
The
decision
maker
for
the
DB2
target
directory.
This
value
should
not
be
modified.
-W
DB2Requirements.locationDirectory=
C:\IBM\SQLLIB
or
D:\IBM\SQLLIB
The
target
directory
where
DB2
will
be
installed.
This
value
should
not
be
modified.
-W
DB2Requirements.installFiles="PRODUCT"
The
decision
maker
for
the
DB2
installation
directory.
This
value
should
not
be
modified.
-W
DB2Requirements.installFiles
Directory="value"
The
location
where
the
DB2
installation
code
is
located,
either
on
the
CD
or
on
a
network
drive.
This
can
be
a
path
relative
to
the
executable
or
an
absolute
path.
-W
DB2Requirements.fixpackInstall
Files="PRODUCT"
The
decision
maker
for
the
DB2
fixpack
install
files
directory.
This
value
should
not
be
modified.
-W
DB2Requirements.notFound=
"PRODUCT
:value"
Provides
options
if
DB2
is
not
found
on
the
system.
Possible
values
are:
v
PRODUCT
:
Install
new
DB2:
Installs
a
new
DB2.
v
PRODUCT
:
Quit:
Exits
the
install.
-W
DB2Requirements.found="PRODUCT
:
value"
Provides
option
if
DB2
instance
is
found.
Possible
values
are:
v
PRODUCT
:
Use
Existing
DB2:
Uses
an
existing
DB2
installation
if
one
is
detected.
v
PRODUCT
:
Quit:
Exits
the
install.
-W
DB2Requirements.configuration=
"DEFAULT"
The
configuration
values
can
be
set
using
the
values
in
this
file.
To
let
the
installer
configure
DB2,
leave
the
value
set
to
DEFAULT
and
do
not
modify
the
configuration
values.
If
you
want
to
set
the
configuration
values
in
the
file,
replace
the
value
DEFAULT
with
the
value
PRODUCT
and
modify
the
configuration
values
as
given
in
the
next
row.
v
-W
DB2Requirements.username="value"
v
-W
DB2Requirements.password="value".
v
-W
DB2Requirements.server="value"
v
-W
DB2Requirements.client="value"
v
Replace
the
variable
with
the
DB2
user
name.
v
Replace
the
variable
with
the
DB2
password.
v
If
the
DB2
Server
is
required,
set
it
to
True,
otherwise
set
it
to
False.
v
If
the
DB2
Client
is
required,
set
it
to
True,
otherwise
set
it
to
False.
42
Tivoli
Provisioning
Manager
Installation
Guide
Table
2.
DB2
options
in
the
response
file
(continued)
User
Input
Field
Description
-W
DB2Requirements.clientInstall
Files=
"Product"
The
decision
maker
for
the
DB2
Universal
Database
client
installation
directory.
Modify
only
if
DB2Requirements.client="true"
and
DB2Requirements.configuration="PRODUCT".
If
the
DB2
client
is
required,
set
it
to
True,
else
set
this
value
to
False.
-W
DB2Requirements.clientInstall
FilesDirectory="value"
The
location
where
the
DB2
Universal
Database
client
installation
code
is
located,
either
on
the
CD
or
on
a
network
drive.
This
can
be
a
path
relative
to
where
the
executable
is
running
or
an
absolute
path.
-W
DB2Requirements.
clientFixpackInstallFilesDirectory
="value"
The
location
where
the
DB2
client
fixpack
install
files
are
located.
This
can
be
a
path
relative
to
where
the
executable
is
running
or
an
absolute
path.
Table
3.
LDAP
options
in
the
response
file
User
Input
Field
Description
-W
LDAPProductRequirements.install
="value"
If
this
value
is
set
to
true
LDAP
will
be
installed.
If
this
value
is
set
to
false
skip
to
the
next
prerequisite
section
because
the
remaining
LDAP
flags
will
be
ignored.
-W
LDAPRequirements.location
="PRODUCT"
The
decision
maker
for
the
directory
server.
This
value
should
not
be
modified.
-W
LDAPRequirements.locationDirectory=
"value"
The
target
installation
directory
for
the
directory
server.
For
example:
D:\IBM\ldap
or
C:\IBM\ldap
-W
LDAPRequirements.installFiles
="PRODUCT"
The
decision
maker
for
the
LDAP
installation
code
directory.
This
value
should
not
be
modified.
-W
LDAPRequirements.
installFilesDirectory="value"
The
location
where
the
LDAP
installation
code
is
located.
This
can
be
a
path
relative
to
the
executable
or
an
absolute
path.
-W
LDAPRequirements.notFound=
"PRODUCT:
value"
Provides
options
if
LDAP
is
not
found.
Possible
values
are:
v
PRODUCT
:
Install
new
LDAP:
Installs
a
new
LDAP.
v
PRODUCT
:
Quit:
Exits
the
install.
-W
LDAPRequirements.found="PRODUCT
:value"
Provides
options
if
an
LDAP
instance
is
found.
Possible
values
are:
v
PRODUCT
:
Use
Existing
LDAP:
Try
to
reuse
the
existing
LDAP.
v
PRODUCT
:
Quit:
Exits
the
install.
Chapter
7.
Installing
the
software
prerequisites
using
the
silent
installer
43
Table
3.
LDAP
options
in
the
response
file
(continued)
User
Input
Field
Description
-W
LDAPRequirements.configuration=
DEFAULT
The
configuration
values
can
be
set
using
the
values
in
this
file.
To
let
the
installer
configure
LDAP,
leave
the
value
set
to
DEFAULT
and
do
not
modify
the
configuration
values.
If
you
want
to
set
the
configuration
values
in
the
file,
replace
the
value
DEFAULT
with
the
value
PRODUCT
and
modify
the
configuration
values
as
given
in
the
next
row.
v
-W
LDAPRequirements.server=value
Do
not
modify
the
values
below:
v
-W
LDAPRequirements.configuration=USER
v
-W
LDAPRequirements.client=true
v
-W
LDAPRequirements.webAdmin=false
v
If
the
LDAP
Server
is
required,
set
it
to
True,
else
set
it
to
False.
Do
not
modify
the
values
of
the
following
parameters.
v
-W
LDAPRequirements.configuration=USER
v
-W
LDAPRequirements.client=true.
Whenever
the
LDAP
server
is
installed,
the
client
is
installed
along
with
it.
v
-W
LDAPRequirements.webAdmin=false.
The
WebAdmin
functionality
that
is
packaged
with
Tivoli
Directory
Server
is
not
required,
hence
set
to
false
always.
Table
4.
WebSphere
Application
Server
options
in
the
response
file
User
Input
Field
Description
-W
BaseProductRequirements.install
="value"
Set
this
value
to
true
to
install
WebSphere
Application
Server.
Set
this
value
to
false
if
WebSphere
Application
Server
should
not
be
installed.
The
remaining
flags
in
this
section
will
be
ignored.
-W
BaseRequirements.location=
"PRODUCT"
The
decision
maker
for
the
WebSphere
Application
Server
target
directory.
This
value
should
not
be
modified.
-W
BaseRequirements.location
Directory="value"
The
target
directory
where
WebSphere
Application
Server
should
be
installed.
For
example:
D:\IBM\WebSphere\AppServer
or
C:\IBM\WebSphere\AppServer
-W
BaseRequirements.installFiles
="PRODUCT"
The
decision
maker
for
the
WebSphere
Application
Server
installation
directory.
This
value
should
not
be
modified.
-W
BaseRequirements.installFiles
Directory="value"
The
location
of
the
WebSphere
Application
Server
install
code.
This
can
be
a
path
relative
to
the
installation
code
or
an
absolute
path.
44
Tivoli
Provisioning
Manager
Installation
Guide
Table
4.
WebSphere
Application
Server
options
in
the
response
file
(continued)
User
Input
Field
Description
-W
BaseRequirements.fixpack
InstallFiles="PRODUCT"
The
decision
maker
for
the
WebSphere
Application
Server
fixpack
installation
code.
This
value
should
not
be
modified.
-W
BaseRequirements.installFiles
Directory="value"
The
location
of
the
WebSphere
Application
Server
fixpack
installation
code.
This
can
be
a
path
relative
to
the
installation
code
or
an
absolute
path.
-W
BaseRequirements.notFound=
"PRODUCT
:
value"
Provides
options
if
WebSphere
Application
Server
is
not
found.
Replace
with
appropriate
values
from
below:
v
PRODUCT:Install
new
WebSphere
Application
Server:
Installs
a
new
WebSphere
Application
Server.
v
PRODUCT:Quit:
Exits
the
install.
-W
BaseRequirements.acceptable=
"PRODUCT
:
value"
Provides
option
if
an
acceptable
WebSphere
Application
Server
is
found.
Possible
values
are:
v
PRODUCT
:
Install
new
WebSphere
Application
Server:
Installs
a
new
WebSphere
Application
Server.
v
PRODUCT
:
Use
Existing
WAS:
Try
to
reuse
the
existing
WebSphere
Application
Server.
v
PRODUCT
:Quit:
Exits
the
install.
-W
BaseRequirements.unacceptable=
"PRODUCT
:
value"
Provides
option
if
an
unacceptable
WebSphere
Application
Server
is
found.
Possible
values
are:
v
PRODUCT
:
Install
new
WebSphere
Application
Server:
Installs
a
new
WebSphere
Application
Server.
v
PRODUCT
:
Use
Existing
WAS:
Try
to
reuse
the
existing
WebSphere
Application
Server.
v
PRODUCT
:Quit:
Exits
the
install.
-W
BaseRequirements.customer=
"PRODUCT
:
value"
Provides
option
if
a
customer
WebSphere
Application
Server
is
found.
Possible
values
are:
v
PRODUCT
:
Install
new
WebSphere
Application
Server:
Installs
a
new
WebSphere
Application
Server.
v
PRODUCT
:
Use
Existing
WAS:
Try
to
reuse
the
existing
WebSphere
Application
Server.
v
PRODUCT
:Quit:
Exits
the
install.
Chapter
7.
Installing
the
software
prerequisites
using
the
silent
installer
45
Table
4.
WebSphere
Application
Server
options
in
the
response
file
(continued)
User
Input
Field
Description
-W
BaseRequirements.conflict=
"PRODUCT
:
value"
Provides
options
if
product
conflicts
are
found
between
applications
on
the
old
WebSphere
Application
Server
and
applications
that
are
being
installed.
Possible
values
are:
v
PRODUCT
:
Install
new
WebSphere
Application
Server:
Installs
a
new
WebSphere
Application
Server.
v
PRODUCT
:
Use
Existing
WAS:
Try
to
reuse
the
existing
WebSphere
Application
Server.
v
PRODUCT
:
Quit:
Exits
the
install.
-W
BaseRequirements.multipleversions
="PRODUCT
:
value"
Provides
options
if
more
than
one
version
of
WebSphere
Application
Server
is
found.
Possible
values
are:
v
PRODUCT
:
Use
most
recently
installed
Uses
the
most
recent
WebSphere
Application
Server
v
PRODUCT
::
Use
highest
version
Uses
the
WebSphere
Application
Server
with
the
highest
version.
-W
BaseRequirements.configuration
="DEFAULT"
The
configuration
values
can
be
set
using
the
values
in
this
file.
To
let
the
installer
configure
WebSphere
Application
Server,
leave
the
values
set
to
DEFAULT
and
do
not
modify
the
configuration
values.
Post-installation
tasks
After
you
have
successfully
installed
the
prerequisite
software
required
for
Tivoli
Provisioning
Manager,
you
must
now
carry
out
the
tasks
outlined
in
this
section:
License
for
the
DB2
software
You
must
apply
the
license
for
the
DB2
software.
To
add
a
license
using
the
command
line
:
1.
Log
in
as
administrator.
2.
Insert
the
DB2
CD
into
the
CD
drive.
3.
Go
to
the
install_directory\bin
where
install_directory
represents
the
directory
where
you
installed
the
product.
4.
Issue
the
following
command
and
replace
the
variable
x
with
the
name
of
the
CD
drive.
License
files
are
contained
in
the
db2\license
directory
of
the
installation
CD.
For
more
information
about
the
db2licm
command,
refer
to
the
Command
Reference
in
the
DB2
documentation.
db2licm
x:\db2\license\db2wsue.lic
Adding
a
license
using
the
License
Center
a.
Launch
the
Control
Center.
b.
Select
License
Center
from
the
Tools
menu
list.
c.
Refer
to
the
online
help
for
the
License
Center
available
from
the
Control
Center.
46
Tivoli
Provisioning
Manager
Installation
Guide
You
should
receive
a
message
similar
to
the
following:
DBI1402I
License
added
successfully.
DBI1426I
This
product
is
now
licensed
for
use
as
specified
in
the
License
Acceptance
and
License
Information
documents
pertaining
to
the
licensed
copy
of
this
product.
Starting
the
software
services
By
default
the
system
services
for
the
software
you
have
installed
are
set
to
Manual.
These
services
should
be
set
to
start
automatically.
To
start
the
software
services
:
1.
Click
Start->
Control
Panel->
Administrative
Tools->
Services.
2.
For
the
database
server,
in
the
list
of
services,
right-click
on
DB2
Universal
Database
and
then
click
Start.
To
set
it
to
automatic,
right
click
on
the
services
and
click
Properties.
Change
the
Startup
Type
option
to
Automatic.
3.
For
the
directory
server,
right-click
on
IBM
Directory
Server
or
Microsoft
Active
Directory
and
then
click
Start.
To
set
it
to
automatic,
right
click
on
the
services
and
click
Properties.
Change
the
Startup
Type
option
to
Automatic.
Notes:
1.
Tivoli
Directory
Server
takes
longer
than
expected
to
start,
so
you
may
see
a
notification
message
informing
you
that
the
service
has
not
started.
However,
if
you
review
the
list
of
system
services,
the
Tivoli
Directory
Server
service
should
have
started.
2.
In
the
list
of
services
you
will
see
two
database
services:
one
database
service
is
for
the
Tivoli
Provisioning
Manager
database
instance
and
the
second
service
is
for
the
LDAP
database
instance.
The
Tivoli
Provisioning
Manager
database
service
is
owned
by
the
user
ID
you
specified
in
step
12
on
page
36.
The
owner
of
the
database
instance
for
the
LDAP
directory
is
owned
by
a
local
system
user
ID
with
administrator
privileges.
This
completes
the
installation
of
the
prerequisite
software
that
you
have
chosen.
If
you
have
encountered
any
problems
during
installation,
refer
to
Appendix
E,
“Installation
log
files,”
on
page
121.
The
next
step
Verify
the
location
of
your
Java
directory
and
then
check
the
value
of
the
$JAVA_HOME
environment
variable.
It
might
be
different
from
the
path
that
was
configured
for
your
WebSphere
Application
Server
5.01
installation.
This
variable
must
be
configured
correctly
to
apply
the
mandatory
WebSphere
Application
Server
fixes.
After
you
have
installed
the
prerequisite
software,
you
must
install
the
required
patches
for
the
software
you
installed.
Proceed
to
Chapter
8,
“Applying
mandatory
patches
to
Tivoli
Directory
Server
and
the
WebSphere
Application
Server,”
on
page
49
and
complete
the
procedures.
Chapter
7.
Installing
the
software
prerequisites
using
the
silent
installer
47
48
Tivoli
Provisioning
Manager
Installation
Guide
Chapter
8.
Applying
mandatory
patches
to
Tivoli
Directory
Server
and
the
WebSphere
Application
Server
After
you
install
the
prerequisite
software,
you
must
apply
the
following
patches
to
the
Tivoli
Directory
Server
and
the
WebSphere
Application
Server:
v
IBM
Tivoli
Directory
Server
fix
v
WebSphere
Application
Server
5.1
cumulative
fix
3
v
IBM
WebSphere
MQ
V5.3
fix
The
fix
packs
are
located
on
the
Tivoli
Provisioning
Manager
and
Tivoli
Intelligent
ThinkDynamic
Orchestrator
Version
2.1
Generic
Fixes
CD.
Applying
the
IBM
Tivoli
Directory
Server
fix
To
install
the
IBM
Tivoli
Directory
Server
fix
V3.ibm.at:
1.
Stop
the
IBM
Tivoli
Directory
Server
Services.
2.
From
the
/ITDS
directory
on
the
CD,
copy
the
v3.ibm.at
file
to
the
TDS_installdir\etc
directory,
where
TDS_installdir
is
the
Tivoli
Directory
Server
installation
directory.
3.
Restart
the
IBM
Tivoli
Directory
Server
services.
Applying
the
WebSphere
Application
Server
5.1
Cumulative
Fix
3
To
apply
WebSphere
Application
Server
5.1
Cumulative
Fix
3:
1.
Log
on
as
Administrator.
2.
Stop
the
WebSphere
Application
Server.
3.
Switch
to
the
WebSphere
Application
Server
installation
directory
and
create
a
sub-directory
called
\update\was510_cf3.
4.
Copy
the
Cumulative
Fix
3
file
was510_cf3_win.zip
from
the
WAS\CF3
directory
on
the
CD
to
the
WAS_installdir\update\was510_cf3
directory
you
created.
The
file
name
is
was510_cf3_win.zip.
5.
Unzip
the
Cumulative
Fix
3
package.
6.
Run
the
UpdateWizard
with
the
command
updateWizard.bat.
During
installation
ensure
that
the
Install
fix
packs
option
is
selected.
Note:
On
some
platforms,
the
UpdateWizard
interface
to
the
update
installer
program
does
not
recognize
the
existing
WebSphere
Application
Server
product.
This
problem
is
caused
by
a
limitation
in
the
InstallShield
for
MultiPlatforms
(ISMP)
program
that
the
update
installer
program
uses.
To
work
around
the
problem,
click
Specify
product
information
and
type
the
fully
qualified
installation
root
directory
for
the
existing
product
in
the
Installation
directory
field
of
the
UpdateWizard
panel.
7.
After
installing
the
fix,
restart
WebSphere
Application
Server.
Applying
the
IBM
WebSphere
MQ
V5.3
fix
To
apply
the
WebSphere
MQ
fix:
1.
Logon
as
Administrator.
©
Copyright
IBM
Corp.
2003,
2004
49
|
2.
Unzip
the
IC38409.windows.zip
file
from
the
CD
located
in
the
directory:
\WAS\IC38409
into
a
temporary
directory
on
your
hard
drive.
3.
Stop
all
running
queue
managers
and
channel
listeners.
4.
Stop
the
IBM
WebSphere
MQ
Service.
5.
Take
a
backup
copy
of
the
existing
com.ibm.mqjms.jar
and
com.ibm.mq.jarfiles.
6.
Apply
the
fix.
Refer
the
readme
file
that
comes
with
the
CD
to
install
the
fix.
7.
Restart
the
queue
managers
and
channel
listeners.
8.
Restart
the
IBM
WebSphere
MQ
Service.
The
next
step
After
you
apply
the
fixes,
you
will
need
to
do
one
of
the
following:
v
If
you
installed
the
Tivoli
Directory
Server,
additional
configuration
is
required.
Proceed
to
Chapter
9,
“Configuring
Tivoli
Directory
Server,”
on
page
51.
v
If
you
are
using
Microsoft
Active
Directory
as
your
directory
server,
refer
to
Chapter
10,
“Installing
and
configuring
Microsoft
Active
Directory,”
on
page
55.
50
Tivoli
Provisioning
Manager
Installation
Guide
Chapter
9.
Configuring
Tivoli
Directory
Server
This
chapter
describes
how
to
configure
the
Tivoli
Directory
Server.
Tivoli
Directory
Server
must
be
installed
and
configured
as
the
back-end
user
registry
for
Tivoli
Provisioning
Manager.
Before
you
begin
Ensure
that
you
have
completed
the
steps
in
“Applying
the
IBM
Tivoli
Directory
Server
fix”
on
page
49.
Configuring
Tivoli
Directory
Server
This
section
describes
how
to
configure
Tivoli
Directory
Server
using
the
Configuration
Utility.
You
can
use
the
ldapcfg
utility
to
configure
Tivoli
Directory
Server.
For
more
information,
refer
to
the
Tivoli
Directory
Server
Installation
and
Configuration
documentation
available
at
http://publib.boulder.ibm.com/tividd/td/IBMDirectoryServer5.2.html.
1.
Log
on
as
administrator.
2.
From
a
command
prompt,
type
ldapxcfg
to
start
the
Tivoli
Directory
Server
configuration
utility.
Alternatively,
you
can
click
Start->Programs->
IBM
Tivoli
Directory
Server
5.2->Directory
Configuration.
Note:
Do
not
minimize
the
Configuration
Tool
window
or
the
command
prompt
window
that
is
displayed
during
initial
configuration.
Unpredictable
results
might
occur.
Setting
the
Administrator
DN
and
password
To
configure
the
Administrator
DN:
1.
In
the
task
list
on
the
left,
click
Administrator
DN.
2.
In
the
Administrator
DN/password
window
on
the
right,
type
a
valid
DN
(or
accept
the
default
DN,
cn=root)
in
the
Administrator
DN
field.
The
Tivoli
Directory
Server
administrator
DN
is
the
DN
used
by
the
administrator
of
the
directory.
This
administrator
is
the
one
user
who
has
full
access
to
all
data
in
the
directory.
The
default
DN
is
cn=root.
DNs
are
not
case
sensitive.
If
you
are
unfamiliar
with
X.500
format,
or
if
for
any
other
reason
you
do
not
want
to
define
a
new
DN,
accept
the
default
DN.
3.
Type
the
password
for
the
Administrator
DN
in
the
Administrator
Password
field.
You
must
define
a
password.
Passwords
are
case-sensitive.
Record
the
password
for
future
reference.
4.
Retype
the
password
in
the
Confirm
password
field.
Click
OK.
Note:
Double
byte
character
set
(DBCS)
characters
in
the
password
are
not
supported.
Configuring
the
database
When
you
configure
the
database,
the
Configuration
Tool
adds
information
about
the
database
that
will
be
used
to
store
directory
data
to
the
configuration
file
ibmslapd.conf.
©
Copyright
IBM
Corp.
2003,
2004
51
Before
you
configure
the
database
ensure
you
complete
the
following
tasks:
1.
The
directory
server
must
be
stopped
before
you
configure
the
database.
2.
Ensure
that
the
environment
variable
DB2COMM
is
not
set.
3.
You
must
create
a
user
ID
for
the
user
who
will
own
the
DB2
database.
The
user
ID
you
specify
will
own
the
database
instance
where
the
DB2
database
will
exist,
and
the
DB2
instance
will
be
in
the
home
directory
of
the
user.
The
user
ID
can
be
no
longer
than
8
characters.
In
addition:
The
user
must
be
a
member
of
the
Administrators
group.
To
configure
the
database:
1.
In
the
Configuration
Tool,
click
Configure
database
in
the
task
list
on
the
left.
2.
The
Configuration
Tool
attempts
to
determine
whether
you
already
have
a
database.
If
you
have
a
database
already
configured
(that
is,
the
information
for
the
database
is
in
the
configuration
file),
the
Configuration
Tool
prompts
you
for
information
about
what
you
want
to
do.
For
example,
if
the
database
is
configured
but
cannot
be
found
on
the
system,
you
might
choose
to
create
a
database
using
the
name
specified
in
the
configuration
file.
Use
the
information
shown
in
the
windows
that
are
displayed
to
configure
the
database.
Note:
Depending
on
whether
or
not
you
already
have
a
database,
some
or
all
of
the
following
windows
are
displayed.
3.
If
a
user
ID
and
password
are
requested:
a.
Type
a
user
ID
in
the
User
ID
field.
This
user
ID
must
already
exist
before
you
can
configure
the
database.
b.
Type
a
password
for
the
user
in
the
Password
field.
Passwords
are
case-sensitive.4.
If
the
database
name
is
requested:
a.
Type
the
name
you
want
to
give
the
DB2
database.
The
name
can
be
from
1
to
8
characters
long.
The
database
will
be
created
in
an
instance
with
the
same
name
as
the
user
ID.
Note:
Note:
If
you
want
a
different
database
instance
name,
you
must
use
the
ldapcfg
command
with
the
-t
option
to
configure
the
database.
b.
Click
Next.5.
If
the
database
location
is
requested:
a.
Type
the
location
for
the
database
in
the
Database
location
field.
For
Windows
platforms,
this
must
be
a
drive
letter.
.
Note:
Be
sure
that
you
have
at
least
80
MB
of
free
hard
disk
space
in
the
location
you
specify
and
that
additional
disk
space
is
available
to
accommodate
growth
as
new
entries
are
added
to
the
directory.
b.
Click
Next.6.
If
a
character
set
selection
is
requested:
a.
Click
the
type
of
database
you
want
to
create.
You
can
create
a
UCS
Transformation
Format
(UTF-8)
database,
in
which
LDAP
clients
can
store
UTF-8
character
data,
or
a
local
code
page
database,
which
is
a
database
in
the
local
code
page.
Note:
If
you
want
to
use
language
tags,
the
database
must
be
a
UTF-8
database.
b.
Click
Next.
52
Tivoli
Provisioning
Manager
Installation
Guide
7.
In
the
verification
window,
information
is
displayed
about
the
configuration
options
you
specified.
To
return
to
an
earlier
window
and
change
information,
click
Back.
To
begin
configuration,
click
Finish.
The
completion
window
is
displayed.
8.
Click
Close.
The
next
step
After
you
have
configured
Tivoli
Directory
Server,
you
are
ready
to
install
Tivoli
Provisioning
Manager.
Proceed
to
Part
4,
“Installing
Tivoli
Provisioning
Manager,”
on
page
61.
Chapter
9.
Configuring
Tivoli
Directory
Server
53
54
Tivoli
Provisioning
Manager
Installation
Guide
Chapter
10.
Installing
and
configuring
Microsoft
Active
Directory
Microsoft
Active
Directory
must
be
installed
and
configured
as
the
back-end
user
registry
for
Tivoli
Provisioning
Manager.
This
chapter
describes
how
to
install
and
configure
Microsoft
Active
Directory
on
Windows
2000
and
Windows
Server
2003
systems.
Note:
If
you
want
to
install
Tivoli
Directory
Server
as
the
directory
server,
follow
the
steps
in
Chapter
9,
“Configuring
Tivoli
Directory
Server,”
on
page
51.
Before
you
begin
This
section
describes
the
information
and
procedures
you
must
follow
before
you
complete
the
procedures
in
this
chapter.
1.
Ensure
that
you
have
completed
the
steps
in
Chapter
6,
“Installing
the
software
prerequisites
using
the
prerequisite
software
installer,”
on
page
33.
2.
Ensure
that
the
appropriate
patches
have
been
applied
to
the
machine.
Note:
Windows
2000
requires
service
pack
4
before
you
install
Microsoft
Active
Directory.
3.
Ensure
that
the
machine
meets
the
hardware
requirements.
4.
Ensure
that
you
have
administrator
privileges.
Installing
and
configuring
Microsoft
Active
Directory
on
Windows
2000
Important
If
you
are
installing
Microsoft
Active
Directory
on
Windows
Server
2003,
do
not
follow
the
procedures
in
this
section.
Refer
to
“Installing
and
configuring
Microsoft
Active
Directory
on
Windows
2003
Server”
on
page
57.
Installing
Microsoft
Active
Directory
To
install
Microsoft
Active
Directory
on
a
Windows
2000
system:
1.
Ensure
that
Service
Pack
4
is
installed
on
the
server.
2.
Ensure
that
you
have
administrator
privileges.
3.
Install
the
Microsoft
Active
Directory
code.
Refer
to
your
Microsoft
documentation
to
find
the
detailed
procedures
for
installing
Microsoft
Active
Directory.
4.
Reboot
Microsoft
Active
Directory
server
when
you
have
completed
the
installation.
Configuring
SSL
for
Windows
2000
You
must
complete
this
step
manually.
To
request
an
SSL
certificate,
you
must
request
an
SSL
certificate
and
then
import
the
SSL
certificate
onto
the
Tivoli
Provisioning
Manager
server.
Complete
the
following
steps
sequentially
while
referring
to
your
Microsoft
documentation
for
complete
details.
©
Copyright
IBM
Corp.
2003,
2004
55
Requesting
an
SSL
certificate
1.
Configure
the
domain
controller
to
automatically
issue
certificate
to
the
computer
when
it
logs
on.
2.
Install
and
configure
the
certificate
services
and
select
Enterprise
root
CA
as
the
CA
type.
3.
Export
the
certificate
from
the
Microsoft
Active
Directory
server
in
the
Base-64
encoded
X.509
file
format.
4.
Install
the
Active
Directory
Schema
Console.
This
console
is
not
installed
by
default
with
Windows
2000,
and
manually
register
the
Schema
Console
that
is
hosted
as
a
Microsoft
Management
Console
(MMC)
snap-in.
Note:
Ensure
that
the
schema
has
read
and
write
permissions.
Importing
the
SSL
certificate
Complete
the
following
steps
to
import
the
SSL
certificate
from
the
Microsoft
Active
Directory
server
onto
the
sever
where
Tivoli
Provisioning
Manager
would
be
installed.
1.
Importing
the
SSL
certificate
as
a
trusted
certificate
enables
the
Tivoli
Provisioning
Manager
server
to
communicate
with
the
Microsoft
Active
Directory
server.
You
must
complete
this
step
manually.
To
import
the
SSL
certificate,
complete
the
following
steps
sequentially
as
you
refer
to
your
Microsoft
documentation:
a.
Copy
the
base
64
certificate
from
the
Microsoft
Active
Directory
server
to
anywhere
on
the
Tivoli
Provisioning
Manager
server.
b.
Open
the
certificate
and
then
install
in
on
the
Tivoli
Provisioning
Manager
server.
c.
Open
a
command
window.
d.
Make
sure
the
security
folder
exists
in
the
WebSphere
Application
Server,
if
not,
create
the
folder.
This
folder
is
referred
as
%CA_folder%.
The
default
location
is:
%WAS_DIR%\java\jre\lib\security
where
%WAS_DIR%
is
the
WebSphere
Application
Server
installation
directory.
e.
Ensure
that
the
appropriate
Java
Development
Kit
(JDK)
path
is
provided:
%WAS_DIR%\java\jre\bin
f.
Run
the
following
commands
on
one
line:
cacert
file
keytool
-import
-trustcacerts
-keystore
%WAS_DIR%
\java\jre\lib\security\cacerts
-file
%CA_toBeImported%
-alias
%anything%
DummyServerTrust
file
keytool
-import
-trustcacerts
-keystore
%WAS_DIR%
\etc\DummyServerTrustFile.jks
-file
%CA_toBeImported%
-alias
%anything%
where:
v
%WAS_DIR%
is
the
WebSphere
Application
Server
installation
directory.
v
%CA_toBeImported%
is
the
location
of
the
imported
certificate.
v
%anything%
is
the
name
you
gave
to
the
certificate.g.
Use
the
default
Java
keystore
password:
WebAS
h.
Type
yes
to
trust
the
certificate.2.
Check
the
registry
base
DN
value
to
ensure
that
it
is
appropriate
to
your
domain.
For
example:
56
Tivoli
Provisioning
Manager
Installation
Guide
v
If
the
domain
is
mycompany.com
then
the
DN
is
dc=mycompany,dc=com.
v
If
the
domain
is
myserver.mycompany.com
then
the
DN
is
dc=myserver,dc=mycompany,dc=com.
You
do
not
have
to
manually
configure
Microsoft
Active
Directory.
The
Tivoli
Provisioning
Manager
installer
will
configure
Microsoft
Active
Directory.
However,
the
Tivoli
Provisioning
Manager
installer
does
provide
an
option
to
complete
a
manual
configuration.
For
more
information,
see
“Manually
configuring
Microsoft
Active
Directory
as
the
directory
server
on
Windows
2000”
on
page
110.
Installing
and
configuring
Microsoft
Active
Directory
on
Windows
2003
Server
Important
If
you
are
installing
Microsoft
Active
Directory
on
Windows
2000,
do
not
follow
the
procedures
in
this
section.
Refer
to
“Installing
and
configuring
Microsoft
Active
Directory
on
Windows
2000”
on
page
55.
Configuring
SSL
for
Windows
2003
Server
You
must
complete
this
step
manually.
To
request
an
SSL
certificate,
you
must
request
an
SSL
certificate
and
then
import
the
SSL
certificate
onto
the
Tivoli
Provisioning
Manager
server.
Complete
the
following
steps
sequentially
while
refering
to
your
Microsoft
documentation.
Requesting
an
SSL
certificate
1.
Ensure
that
you
have
changed
the
password
policy
on
the
Microsoft
Active
Directory
server.
Set
the
Password
must
meet
complexity
requirements
to
disabled.
2.
Configure
the
domain
controller
to
automatically
issue
certificate
to
the
computer
when
it
logs
on.
3.
Install
and
configure
the
certificate
services
and
select
Enterprise
root
CA
as
the
CA
type.
4.
Export
the
certificate
from
the
Microsoft
Active
Directory
server
in
the
Base-64
encoded
X.509
file
format.
5.
Install
the
Active
Directory
Schema
Console.
This
console
is
not
installed
by
default
with
Windows
2003,
and
manually
register
the
Schema
Console
that
is
hosted
as
a
Microsoft
Management
Console
(MMC)
snap-in.
Note:
Ensure
that
the
schema
has
read
and
write
permissions.
Importing
the
SSL
certificate
Complete
the
following
steps
to
import
the
SSL
certificate
from
the
Microsoft
Active
Directory
server
onto
the
Tivoli
Provisioning
Manager
server.
1.
Importing
the
SSL
certificate
as
a
trusted
certificate
enables
the
Tivoli
Provisioning
Manager
server
to
communicate
with
the
Microsoft
Active
Directory
server.
You
must
complete
this
step
manually.
To
import
the
SSL
certificate,
complete
the
following
steps
sequentially
as
you
refer
to
your
Microsoft
documentation:
a.
Copy
the
base
64
certificate
from
the
Microsoft
Active
Directory
server
to
anywhere
on
the
Tivoli
Provisioning
Manager
server.
Chapter
10.
Installing
and
configuring
Microsoft
Active
Directory
57
b.
Open
the
certificate
and
then
install
in
on
the
Tivoli
Provisioning
Manager
server.
c.
Open
a
command
window.
d.
Make
sure
the
security
folder
exists
in
the
WebSphere
Application
Server,
if
not,
create
the
folder.
This
folder
is
referred
as
%CA_folder%.
The
default
location
is:
%WAS_DIR%\java\jre\lib\security
where
%WAS_DIR%
is
the
WebSphere
Application
Server
installation
directory.
e.
Ensure
that
the
appropriate
Java
Development
Kit
(JDK)
path
is
provided:
%WAS_DIR%\java\jre\bin
f.
Run
the
following
commands
on
one
line:
cacert
file
keytool
-import
-trustcacerts
-keystore
%WAS_DIR%
\java\jre\lib\security\cacerts
-file
%CA_toBeImported%
-alias
%anything%
DummyServerTrust
file
keytool
-import
-trustcacerts
-keystore
%WAS_DIR%
\etc\DummyServerTrustFile.jks
-file
%CA_toBeImported%
-alias
%anything%
where:
v
%WAS_DIR%
is
the
WebSphere
Application
Server
installation
directory.
v
%CA_toBeImported%
is
the
location
of
the
imported
certificate.
v
%anything%
is
the
name
you
gave
to
the
certificate.g.
Use
the
default
Java
keystore
password:
WebAS
h.
Type
yes
to
trust
the
certificate.2.
Check
the
registry
base
DN
value
to
ensure
that
it
is
appropriate
to
your
domain.
For
example:
v
If
the
domain
is
mycompany.com
then
the
DN
is
dc=mycompany,dc=com.
v
If
the
domain
is
myserver.mycompany.com
then
the
DN
is
dc=myserver,dc=mycompany,dc=com.
In
the
directory
paths
above,
%WAS_DIR%
is
the
WebSphere
Application
Server
installation
directory.
Updating
the
schema
You
must
manually
update
the
schema
when
you
configure
Microsoft
Active
Directory
on
Windows
2003
Server
to
accommodate
Tivoli
Provisioning
Manager
attributes.
Whenever
you
update
a
schema,
the
updated
information
is
first
added
to
the
on-disk
copy
of
the
schema.
Schema
changes
are
not
visible
immediately.
The
schema
cache
is
refreshed
approximately
five
minutes
after
any
change
is
made
to
the
on-disk
copy
of
the
schema.
To
complete
this
step,
you
will
need:
v
The
utility
LDIFDE
to
support
batch
operations,
such
as
add,
create,
and
modify
which
could
be
used
to
be
performed
against
Microsoft
Active
Directory.
This
utility
is
included
with
Microsoft
Active
Directory.
v
The
command-line
OID
generator
program
oidgen.exe
to
generate
valid
Object
IDs
which
are
used
to
add
an
attribute.
This
program
is
located
in
the
netmgmt.cab
file
of
the
Windows
2000
Resource
Kit.
v
The
schema.ldif
file.
This
file
updates
the
Microsoft
Active
Directory
schema.
You
will
find
this
file
on
the
Tivoli
Provisioning
Manager
Version
2.1
CD
in
\toos\ldap\msad.
58
Tivoli
Provisioning
Manager
Installation
Guide
v
The
tiodata2003.ldif
file.
This
file
stores
the
initial
data
for
Tivoli
Provisioning
Manager.
You
will
find
this
file
on
the
Tivoli
Provisioning
Manager
Version
2.1
CD
in
\toos\ldap\msad
Note:
The
user
who
logs
on
to
run
the
scripts
should
have
administrator
privileges.
Note:
All
Tivoli
Provisioning
Manager
specific
users
and
groups
will
be
created
under
the
Tivoli
Provisioning
Manager
organizational
unit.To
run
the
schema
management
scripts:
1.
Ensure
that
the
object
IDs
have
been
regenerated
so
that
they
will
not
conflict
with
the
existing
object
IDs.
2.
Run
oidgen.exe
at
the
command
prompt
of
the
Microsoft
Active
Directory
server,
to
avoid
conflict
with
existing
Object
IDs.
3.
Open
a
command
window
and
switch
to
the
\toos\ldap\msad
directory.
This
directory
is
located
on
theTivoli
Intelligent
ThinkDynamic
Orchestrator
and
Tivoli
Provisioning
Manager
Version
2.1
CD.
It
contains
the
schema.ldif
file.
4.
In
the
schema.ldif
file:
a.
Replace
the
attributeID
of
cn=role
with
the
Attribute
Base
OID
that
is
generated
by
oidgen.exe.
b.
Replace
the
governsID
of
cn=thinkControlUser
with
the
Class
Base
OID
that
is
generated
by
oidgen.exe.5.
Enter
the
following
command
on
one
line
and
replace
Base_DN
with
the
appropriate
values:
ldifde
–i
–f
schema.ldif
–c
DC=MYCOMPANY,DC=combase_DN
–t
636
For
example,
if
your
server
domain
is
myserver.mycompany.com,
you
would
enter
the
following
command:
ldifde
–i
–f
schema.ldif
–c
DC=MYCOMPANY,DC=com
dc=myserver,dc=mycompany,dc=com
–t
636
Importing
the
LDIF
file
You
must
now
import
the
LDIF
file.
1.
Open
a
command
prompt
and
change
to
the
directory
\toos\ldap\msad
on
the
Tivoli
Intelligent
ThinkDynamic
Orchestrator
and
Tivoli
Provisioning
Manager
Version
2.1
CD.
This
directory
contains
the
tiodata2003.ldif
file.
2.
Enter
the
following
command
on
one
line
and
replace
Base_DN
with
the
appropriate
set
of
values:
ldifde
–i
–f
tiodata.ldif
–c
"DC=MYCOMPANY,DC=com"
"Base_DN"
–t
636
For
example,
if
your
directory
server
domain
is
Mydomain.Mycompany.com,
the
command
is:
ldifde
–i
–f
tiodata.ldif
–c
"DC=MYCOMPANY,DC=com"
"DC=Mydomain,DC=Mycompany,DC=com"
–t
636
Note:
In
the
example
command
above,
the
appropriate
value
for
Base_DN
is
"DC=Mydomain,DC=Mycompany,DC=com"
Starting
the
software
services
By
default
the
system
services
for
the
software
you
have
installed
are
set
to
Manual.
These
services
should
be
set
to
start
automatically.
To
start
the
software
services
:
1.
Click
Start->
Control
Panel->
Administrative
Tools->
Services.
Chapter
10.
Installing
and
configuring
Microsoft
Active
Directory
59
2.
For
the
database
server,
in
the
list
of
services,
right-click
on
DB2
Universal
Database
and
then
click
Start.
To
set
it
to
automatic,
right
click
on
the
services
and
click
Properties.
Change
the
Startup
Type
option
to
Automatic.
3.
For
the
LDAP
server,
right-click
on
IBM
Directory
Server
or
Microsoft
Active
Directory
and
then
click
Start.
To
set
it
to
automatic,
right
click
on
the
services
and
click
Properties.
Change
the
Startup
Type
option
to
Automatic.
Notes:
1.
Tivoli
Directory
Server
takes
longer
than
expected
to
start,
so
you
may
see
a
notification
message
informing
you
that
the
service
has
not
started.
However,
if
you
review
the
list
of
system
services,
the
Tivoli
Directory
Server
service
should
have
started.
2.
In
the
list
of
services
you
will
see
two
database
services:
one
database
service
is
for
the
Tivoli
Provisioning
Manager
database
instance
and
the
second
service
is
for
the
directory
server
database
instance.
The
Tivoli
Provisioning
Manager
database
service
is
owned
by
the
user
ID
you
specified
in
step
12
on
page
36.
The
owner
of
the
database
instance
for
the
directory
server
is
owned
by
a
local
system
user
ID
with
administrator
privileges.
The
next
steps
After
you
have
installed
and
configured
the
Microsoft
Active
Directory
server,
you
can
install
Tivoli
Provisioning
Manager.
Proceed
to
Part
4,
“Installing
Tivoli
Provisioning
Manager,”
on
page
61.
For
information
on
the
location
of
the
directory
server
installation
log
files,
see
Appendix
E,
“Installation
log
files,”
on
page
121.
60
Tivoli
Provisioning
Manager
Installation
Guide
Part
4.
Installing
Tivoli
Provisioning
Manager
This
section
contains
information
on
installing
Tivoli
Provisioning
Manager
using
one
of
the
following
methods:
v
The
graphical
InstallShield
program.
v
The
silent
install,
using
a
response
file.
v
The
non-graphical
installation,
or
the
console
mode
installation,
for
machines
which
may
not
be
enabled
for
a
graphical
interface.
This
section
contains
the
following
chapters:
v
Chapter
11,
“Installing
and
configuring
Tivoli
Provisioning
Manager
using
the
graphical
installer,”
on
page
63
v
Chapter
13,
“Installing
Tivoli
Provisioning
Manager
using
the
silent
installer,”
on
page
77
v
Chapter
12,
“Installing
Tivoli
Provisioning
Manager
using
the
non-graphical
installer,”
on
page
69
©
Copyright
IBM
Corp.
2003,
2004
61
62
Tivoli
Provisioning
Manager
Installation
Guide
Chapter
11.
Installing
and
configuring
Tivoli
Provisioning
Manager
using
the
graphical
installer
This
chapter
describes
how
to
install
Tivoli
Provisioning
Manager.
The
graphical
installer
leads
you
through
the
installation
in
a
series
of
panels
that
prompt
you
for
the
information
that
is
required
for
each
step.
If
you
would
prefer
to
complete
the
installation
by
inputting
the
required
information
through
a
response
file,
go
to
Chapter
13,
“Installing
Tivoli
Provisioning
Manager
using
the
silent
installer,”
on
page
77.
If
the
target
machine
does
not
have
a
graphics
card
and
you
need
to
complete
the
installation
using
a
non-graphical
installer,
go
to
Chapter
12,
“Installing
Tivoli
Provisioning
Manager
using
the
non-graphical
installer,”
on
page
69.
Before
you
begin
Ensure
you
meet
the
requirements
in
this
section
before
you
complete
the
steps
in
this
chapter.
v
Ensure
that
you
have
completed
the
steps
in
Chapter
8,
“Applying
mandatory
patches
to
Tivoli
Directory
Server
and
the
WebSphere
Application
Server,”
on
page
49.
v
Ensure
that
you
have
the
required
CDs
for
the
Tivoli
Provisioning
Manager
installation
based
on
the
topology
you
have
chosen:
–
For
a
one-node
topology
installation,
see
page
21.
–
For
a
two-node
topology
installation
–
remote
directory
server
configuration,
see
page
22.
–
For
a
two-node
topology
installation
–
remote
database
and
directory
server
configuration,
see
page
23.
–
For
a
three-node
topology
installation,
see
page
25.
Note:
For
details
about
the
supported
topologies
for
Tivoli
Provisioning
Manager,
see
Chapter
2,
“Supported
hardware
and
software,”
on
page
11
and
Chapter
3,
“Supported
topologies,”
on
page
15.
Installing
Tivoli
Provisioning
Manager
To
install
Tivoli
Provisioning
Manager:
1.
Ensure
that
the
directory
server
and
the
database
servers
are
started.
2.
Logon
as
Administrator.
If
you
are
on
a
Windows
2003
system,
run
the
following
command
before
starting
the
installer
in
a
DOS
command
window:
change
user
/install
3.
Insert
the
Tivoli
Provisioning
Manager
Version
2.1
CD
into
the
CD
drive.
4.
On
the
Tivoli
Provisioning
Manager
box,
select
the
language
you
want
the
graphical
installer
to
use,
and
click
OK.
5.
Read
the
information
on
the
Welcome
panel
and
click
Next.
6.
The
Software
License
Agreement
panel
displays.
Review
the
terms
of
the
license
agreement
and
select
one
of
the
options.
v
If
you
accept
the
terms
of
license
agreement,
select
I
accept
the
terms
in
the
license
agreement
and
click
Next.
©
Copyright
IBM
Corp.
2003,
2004
63
v
If
you
decline
the
terms
of
the
license
agreement,
select
I
do
not
accept
the
terms
in
the
license
agreement
and
click
Next.
A
confirmation
window
is
shown
with
the
message:
Do
you
really
wish
to
decline
the
license
agreement?.
Click
Yes
to
exit
the
installation
program
or
click
No
to
return
to
the
Software
License
Agreement
panel.
7.
The
installer
must
verify
that
your
system
meets
the
prerequisites
as
specified
in
Chapter
5,
“Installing
and
configuring
the
system
prerequisites,”
on
page
29
and
verify
if
you
have
the
required
prerequisite
software.
This
may
take
a
few
minutes.
Click
Next
to
initiate
the
prerequisite
check.
8.
The
Cygwin
Installed
Directory
panel
determines
where
Cygwin
is
located.
The
installer
automatically
identifies
the
default
location.
You
can
also
specify
the
path
to
a
directory
in
which
you
already
have
installed
Cygwin.
Click
Next.
9.
The
IBM
Tivoli
Provisioning
Manager
Installation
Directory
panel
displays
the
default
installation
directory
for
Tivoli
Provisioning
Manager.
Accept
the
default
installation
path
or
enter
the
full
path
for
the
installation
directory,
and
then
click
Next.
Important
Limitation:
Tivoli
Provisioning
Manager
cannot
be
installed
into
a
directory
path
which
contains
double-byte
characters.
You
must
select
an
installation
directory
that
utilizes
single-byte
characters
only.
10.
On
the
Create
User
Account
panel,
you
are
prompted
to
enter
and
verify
the
password
for
the
user
account
tioadmin.
Click
Next.
The
installer
creates
the
account.
Note:
Enter
a
password
that
adheres
to
the
security
standards
on
theTivoli
Provisioning
Manager
server
to
ensure
that
the
tioadmin
user
creation
is
successful.
11.
On
the
Language
Package
Selection
panel,
select
this
option
if
you
want
additional
language
support
for
the
application
to
be
installed.
English
language
support
will
be
installed
by
default.
Click
Next.
12.
On
the
Database
Configuration
panel,
select
the
IBM
DB2
Universal
Database
as
your
Tivoli
Provisioning
Manager
2.1
database.
Notes:
a.
It
is
recommended
that
the
installer
configure
the
database
automatically.
If
you
wish
to
manually
configure
the
database
server,
check
the
Do
not
perform
Database
server
configuration
steps
(for
advanced
users
only)
check
box
and
then
do
the
following:
1)
Go
to
the
sectionAppendix
B,
“Manual
configurations,”
on
page
109
and
follow
the
steps
in
that
section
to
configure
the
database.
2)
Continue
with
the
Tivoli
Provisioning
Manager
installation13.
The
Database
Server
Configuration
panel
is
displayed
and
prompts
you
for
the
information
required
to
configure
your
database
server.
Complete
the
following
fields,
if
you
have
installed
IBM
DB2
Universal
Database
and
click
Next.
Notes:
a.
If
you
already
have
one
of
the
software
prerequisites
installed,
(for
example,
DB2
Universal
Database,
Tivoli
Directory
Server
or
WebSphere
Application
Server),
and
will
be
using
that
software
product
for
Tivoli
64
Tivoli
Provisioning
Manager
Installation
Guide
Provisioning
ManagerTivoli
Intelligent
ThinkDynamic
Orchestrator,
ensure
that
it
does
not
have
a
space
in
the
installation
directory.
b.
If
you
installed
IBM
DB2
Universal
Database
using
the
installation
wizard
or
using
the
silent
installation
option,
the
user
IDs
and
directory
paths
you
enter
on
this
screen
must
match
those
entered
during
IBM
DB2
Universal
Database
installation.
For
more
information
on
these
database
user
IDs
and
how
they
are
used,
refer
to
your
database
product
documentation.
Fully
Qualified
Host
Name
or
IP
Address
of
the
IBM
DB2
Universal
Database
server
Enter
the
fully
qualified
host
name.
For
example,
myhost.domain.com.
Host
Port
Enter
the
host
port
of
the
remote
database
instance.
Database
Name
for
the
IBM
Tivoli
Provisioning
Manager
database
Enter
the
name
of
a
new
and
unique
database
to
be
created
for
Tivoli
Provisioning
Manager.
The
Database
Name
must
not
be
longer
than
eight
characters
in
length
and
must
not
have
the
name
TIOINTER.
If
you
specify
the
name
of
an
existing
database,
then
those
tables
and
data
will
be
lost.
Database
Server
Instance
Owner
This
is
the
user
ID
used
to
manage
the
database
instance.
DB2
Server
Instance
Owner
Password
Enter
the
password
for
the
instance
owner
ID.
Database
User
Name
This
user
name
will
be
used
by
Tivoli
Provisioning
Manager
to
connect
to
the
database
server.
This
ID
can
either
be
the
same
as
the
Database
Server
Instance
Owner
or
another
existing
database
user
ID
on
the
database
server.
Ensure
that
the
Database
User
Name
belongs
to
SYSADM
group.
Database
User
Password
Enter
the
password
for
the
database
user
ID.
Local
DB2
instance
SQLLIB
directory
The
installer
populates
this
field
with
the
default
DB2
instance
directory.
Verify
that
the
correct
path
is
entered
in
this
field.
If
multiple
instances
exist
on
this
server,
or
if
you
installed
to
a
directory
other
than
the
default,
the
installer
cannot
detect
which
instance
directory
is
to
be
used
with
Tivoli
Provisioning
Manager.
If
you
have
installed
your
database
server
on
a
remote
server,
enter
the
path
to
the
local
database
client
directory.14.
On
the
LDAP
Configuration
panel,
select
the
directory
server
that
you
want
to
use
with
Tivoli
Provisioning
Manager.
v
Tivoli
Directory
Server
5.2
v
Microsoft
Active
Directory
Notes:
a.
It
is
recommended
that
the
installer
configure
the
directory
server
automatically.
For
advanced
users,
who
wish
to
manually
configure
the
directory
server,
check
the
Do
not
perform
Directory
server
configuration
steps
(for
advanced
users
only)
check
box
and
then
do
the
following:
1)
Go
to
the
sectionAppendix
B,
“Manual
configurations,”
on
page
109
and
follow
the
steps
in
that
section
to
configure
the
directory
server.
2)
Continue
with
the
Tivoli
Provisioning
Manager
installation
Chapter
11.
Installing
and
configuring
Tivoli
Provisioning
Manager
using
the
graphical
installer
65
||||||
15.
The
LDAP
Configuration
panel
is
displayed
and
prompts
you
for
the
information
required
to
configure
your
directory
server.
Enter
the
information
and
click
Next.
Note:
If
you
have
checked
the
Enable
SSL
for
Runtime
Transactions
check
box,
you
must
complete
the
instructions
provided
in
the
section
Chapter
14,
“Establishing
secure
server
communication
using
SSL,”
on
page
87
after
installing
Tivoli
Provisioning
Manager
successfully.
Base
DN
The
default
value
is
dc=ibm,dc=com.
Change
this
to
reflect
your
domain
information.
LDAP
Administrator
User
Name
This
value
must
match
the
value
you
entered
in
the
section
“Setting
the
Administrator
DN
and
password”
on
page
51.The
default
value
is
cn=root.
LDAP
Administrator
User
Password
Enter
the
password
for
the
LDAP
Administrator
user.
This
is
the
value
you
entered
in
the
section
“Setting
the
Administrator
DN
and
password”
on
page
51.
Fully
Qualified
Host
Name
or
IP
Address
Enter
the
fully
qualified
host
name.
For
example,
myhost.domain.com.
Host
Port
The
port
that
is
used
to
communicate
with
the
LDAP
server.
The
default
value
is
389.
If
you
are
using
Microsoft
Active
Directory,
refer
to
your
product
documentation
for
information
about
the
host
port
value.
LDAP
Client
Installation
Directory
Enter
the
appropriate
path
for
the
installation
directory
of
the
local
client.16.
On
the
WebSphere
Application
Server
configuration
panel,
enter
the
required
information
in
the
fields
and
click
Next:
DNS
Suffix
Name
This
must
be
the
DNS
domain.
For
example,
mycompany.com.
This
information
is
used
for
the
single
sign-on
functionality
in
WebSphere
Application
Server.
Installation
Directory
Verify
that
the
location
is
correct.
Note:
The
system
runs
an
automated
server
stop-and-start
cycle
to
verify
that
the
WebSphere
Application
Server
is
operating
properly
before
you
install
Tivoli
Provisioning
Manager.
While
the
system
stops
the
server,
the
panel
displays
the
message:
Starting
the
WebSphere
Application
Server,
and
a
blue
process
bar
indicates
that
the
system
is
processing.
When
the
server
is
stopped,
the
system
starts
it
again,
and
the
panel
displays
the
message:
Stopping
the
WebSphere
Application
Server.
When
the
server
is
stopped
a
second
time,
the
automated
server
stop-and-start
verification
cycle
is
complete.
17.
The
next
screen
provides
you
with
the
option
to
install
IBM
Tivoli
NetView,
a
network
management
software
package
that
discovers
TCP/IP
networks,
66
Tivoli
Provisioning
Manager
Installation
Guide
displays
network
topologies,
correlates
and
manage
events
and
SNMP
traps,
monitors
network
health,
and
gathers
performance
data,
but
it
is
not
required
to
run
Tivoli
Provisioning
Manager..
To
install
IBM
Tivoli
NetView:
a.
Select
Install
IBM
NetView,
and
then
click
Next.
b.
The
installer
will
prompt
you
for
the
Tivoli
NetView
CD
during
the
software
installation.
c.
On
the
Create
NetView
User
Account
panel,
enter
an
appropriate
password
and
then
click
Next.18.
The
Installation
Preview
panel
summarizes
the
information
you
have
entered
during
the
Tivoli
Provisioning
Manager
installation.
Review
the
information
to
ensure
that
it
is
accurate.
If
the
information
is
correct,
click
Next
to
continue
else
go
back
and
make
the
necessary
changes.
19.
The
wizard
requires
that
you
restart
the
computer.
Click
Finish
and
then
restart
the
Tivoli
Provisioning
Manager
server.
You
have
successfully
completed
the
installation
of
Tivoli
Provisioning
Manager.
The
Tivoli
Provisioning
Manager
installation
wizard
performs
some
system
configuration.
This
information
is
included
here
for
your
reference:
v
The
user
ID
tioadmin
is
created
for
you.
v
By
default
DB2
8.1.3
has
LOCKTIMEOUT=-1
(no
timeout).
The
Tivoli
Provisioning
Manager
installation
runs
a
script
to
change
the
LOCKTIMEOUT
value
to
120.
v
The
default
DB2
locklist
value
is
50.
If
you
choose
to
have
the
Tivoli
Provisioning
Manager
installer
create
the
DB2
database
for
you,
the
installer
sets
the
locklist
value.
This
value
can
be
increased
according
to
your
requirements.
If
you
created
your
own
database
and
selected
the
Do
not
perform
database
server
configuration
steps
option
during
the
installation,
the
installer
will
not
change
the
locklist
value.
For
information
about
the
locklist
value,
refer
to
the
DB2
Universal
Database
Information
center
online
at:
http://www-3.ibm.com/cgi-bin/db2www/data/db2/udb/winos2unix/support/v8document.d2w/report?fn=r0000267.htm
Post-installation
steps
After
you
have
installed
Tivoli
Provisioning
Manager,
you
must
complete
the
tasks
in
this
section.
1.
Login
as
tioadmin.
The
tioadmin
user
has
to
be
granted
with
Log
On
As
Service
privileges,
which
is
not
currently
performed
by
installer.
To
grant
the
privilege,
do
the
following:
a.
Go
to
Start–
>
Programs–
>
Admin
tools
b.
Start
Local
Security
Policy
Management
console.
c.
In
that
console
go
to:
Local
Policies–
>User
Rights
Assignment
d.
Add
tioadmin
user
to
the
Log
on
as
service
property.2.
Edit
the
file
%TIO_HOME%\xml\datacentermodel.xml.
Search
for
the
variables
listed
below
and
replace
the
variable
with
the
appropriate
values.
Note:
TIO_HOME
is
the
folder
in
which
Tivoli
Provisioning
Manager
is
installed.
@MACADDR@
Replace
this
variable
with
the
MAC
address
of
the
network
interface
(NIC).
Chapter
11.
Installing
and
configuring
Tivoli
Provisioning
Manager
using
the
graphical
installer
67
@NICIF@
Replace
this
variable
with
the
name
of
the
network
interface.
For
example,
eth0,
en0,
bge0,
Local
Area
Connection.
@TIOPWD@
Replace
this
variable
with
the
password
for
user
tioadmin.
@VLANID@
Replace
this
variable
with
the
VLAN
identifier
of
the
VLAN
to
which
the
Tivoli
Provisioning
Manager
server
is
attached.
For
example,
10,
203.
@MACHINEMODEL@
Replace
this
variable
with
the
description
of
the
hardware
model
of
the
Tivoli
Provisioning
Manager
server.
For
example,
iSeries
335,
IBM
7028-6C4.3.
Run
the
following
command
on
one
line
as
user
tioadmin
from
the
%TIO_HOME%\xml
directory:
%TIO_HOME%\tools\xmlimport.cmd
file:%TIO_HOME%\xml\datacentermodel.xml
You
must
specify
the
full
directory
path
to
the
datacentermodel.xml
file.
The
next
step
You
have
successfully
installed
and
configured
Tivoli
Provisioning
Manager.
You
can
now
log
on
to
the
application.
Refer
to
“Requirements
to
start
Tivoli
Provisioning
Manager”
on
page
105
and
“Stopping
Tivoli
Provisioning
Manager”
on
page
106
for
more
information.
If
during
the
Tivoli
Provisioning
Manager
installation
you
selected
one
of
the
Do
not
perform
configuration
steps
(for
advanced
users
only)
options,
you
must
manually
configure
your
software.
Complete
the
steps
in
Appendix
B,
“Manual
configurations,”
on
page
109,
and
configure
the
directory
server
or
database
server,
depending
on
which
advanced
user
configuration
option
you
selected
during
installation.
If
you
want
to
use
the
reporting
functionality
of
Tivoli
Provisioning
Manager,
you
must
install
and
configure
Tivoli
Data
Warehouse
1.2
and
the
Tivoli
Provisioning
Manager
Warehouse
Enablement
Pack,
as
described
in
Chapter
16,
“Displaying
reports
from
Tivoli
Data
Warehouse,”
on
page
101.
68
Tivoli
Provisioning
Manager
Installation
Guide
Chapter
12.
Installing
Tivoli
Provisioning
Manager
using
the
non-graphical
installer
This
chapter
describes
how
to
install
Tivoli
Provisioning
Manager
using
a
non-graphical
installation
process.
The
non-graphical
or
console
mode
installation
is
a
useful
installation
method
when
you
want
to
install
the
product
on
a
machine
that
does
not
have
a
video
card.
User
data
entry
and
status
messages
are
displayed
on
the
console
or
in
the
command
window.
If
you
would
prefer
to
complete
the
installation
using
a
series
of
panels
that
prompt
you
for
the
information
that
is
required
for
each
step,
go
to
Chapter
11,
“Installing
and
configuring
Tivoli
Provisioning
Manager
using
the
graphical
installer,”
on
page
63.
If
you
would
prefer
to
complete
the
installation
by
inputting
the
required
information
through
a
response
file,
go
to
Chapter
13,
“Installing
Tivoli
Provisioning
Manager
using
the
silent
installer,”
on
page
77.
Before
you
begin
This
section
describes
the
information
and
procedures
you
must
follow
before
you
complete
the
procedures
in
this
chapter.
v
Ensure
that
you
have
completed
the
steps
in
Chapter
8,
“Applying
mandatory
patches
to
Tivoli
Directory
Server
and
the
WebSphere
Application
Server,”
on
page
49.
v
Ensure
that
you
have
the
required
CDs
for
the
Tivoli
Provisioning
Manager
installation
based
on
the
topology
you
have
chosen:
–
For
a
one-node
topology
installation,
see
page
21.
–
For
a
two-node
topology
installation
–
remote
directory
server
configuration,
see
page
22.
–
For
a
two-node
topology
installation
–
remote
database
and
directory
server
configuration,
see
page
23.
–
For
a
three-node
topology
installation,
see
page
25.
For
details
about
the
supported
topologies
for
Tivoli
Provisioning
Manager,
see
Chapter
2,
“Supported
hardware
and
software,”
on
page
11
and
Chapter
3,
“Supported
topologies,”
on
page
15.
Installing
Tivoli
Provisioning
Manager
To
install
Tivoli
Provisioning
Manager:
1.
Ensure
that
the
directory
server
and
the
database
servers
are
started.
2.
Log
on
as
Administrator.
If
you
are
on
a
Windows
2003
system,
run
the
following
command
before
installing
the
application:
change
user
/install
3.
Insert
the
Tivoli
Provisioning
Manager
CD
into
the
CD
drive.
4.
Open
a
DOS
command
window,
change
to
root
directory
of
the
CD-ROM
drive
that
contains
the
installation
CD
and
then
start
the
installer
by
typing:
start
/W
setupwin32.exe
-console
Note:
You
must
prefix
the
command
with
start
/W
otherwise
the
installer
will
not
complete
properly.
©
Copyright
IBM
Corp.
2003,
2004
69
5.
On
the
Tivoli
Provisioning
Manager
box,
select
the
language
you
want
the
graphical
installer
to
use,
and
click
OK.
At
the
prompt
type
the
number
according
to
the
language
option
required
or
select
0
when
finished.
6.
Read
the
information
on
the
Welcome
panel
and
select
one
of
the
following
options:
v
1
for
Next
v
4
to
Redisplay
v
3
for
Cancel.
Whenever
this
option
is
selected,
select
one
of
the
following
options
when
prompted:
Notes:
a.
Yes
to
cancel.
b.
No
to
exit.
c.
You
will
be
prompted
again
to
confirm
your
choice
with
a
message:
Do
you
want
to
exit?
[2]
1:.
Press
1
to
exit
the
installation.
7.
Press
Enter
to
display
the
license
agreement
on
your
screen.
The
Software
License
Agreement
screen
displays.
Review
the
terms
of
the
license
agreement,
press
Enter
to
continue
viewing
the
license
agreement
and
then
select
one
of
the
options:
v
If
you
accept
the
terms
of
license
agreement,
select
1.
Select
one
of
the
following
options
after
viewing
the
license
agreement
:
–
1
for
Next
–
3
for
Cancel
–
4
to
Redisplay
v
If
you
decline
the
terms
of
the
license
agreement,
select
2.
–
A
confirmation
window
is
shown
with
the
message:
You
have
chosen
to
decline
the
license
agreement.
Installation
of
the
Program
will
be
terminated.
–
If
you
are
sure
you
want
to
decline
the
license
agreement,
enter
2
again
to
confirm.
Otherwise,
enter
1
to
accept
the
license
agreement,
or
press
Enter
to
continue
reading
the
agreement.
–
The
Software
License
Agreement
screen
displays
again.v
To
go
back
to
the
previous
screen,
select
99.
8.
The
installer
must
verify
that
your
system
meets
the
prerequisites
as
specified
in
Chapter
5,
“Installing
and
configuring
the
system
prerequisites,”
on
page
29
and
verify
if
you
have
the
required
prerequisite
software.
This
may
take
a
few
moments.
After
the
installer
performs
the
check,
select
one
of
the
following
options:
v
1
for
Next
v
2
for
the
Previous
page
v
3
for
Cancel
v
4
to
Redisplay
9.
The
IBM
Tivoli
Provisioning
Manager
Installation
Directory
panel
displays
the
default
installation
directory
for
Tivoli
Provisioning
Manager.
Accept
the
default
installation
path
or
enter
the
full
path
for
the
installation
directory.
Select
one
of
the
following
options:
v
1
for
Next
v
2
for
the
Previous
screen
v
3
for
Cancel
v
4
to
Redisplay
70
Tivoli
Provisioning
Manager
Installation
Guide
Important
Note:
The
installation
directory
cannot
be
the
same
as
the
installation
directory
for
your
prerequisites.
Limitation:
Tivoli
Provisioning
Manager
cannot
be
installed
into
a
directory
path
which
contains
double-byte
characters.
You
must
select
an
installation
directory
that
utilizes
single-byte
characters
only.
10.
On
the
Create
User
Account
and
User
groups
panel,
you
are
prompted
to
enter
and
verify
the
password
for
the
user
account
tioadmin.
Click
Next.
The
installer
creates
the
user
account
and
user
groups
for
the
administrator.
Note:
Enter
a
password
that
adheres
to
the
security
standards
on
theTivoli
Provisioning
Manager
server
to
ensure
that
the
tioadmin
user
creation
is
successful.Select
one
of
the
following
options:
v
1
for
Next
v
2
for
the
Previous
screen
v
3
for
Cancel
v
4
to
Redisplay
11.
To
select
the
language
pack
support,
enter
its
number,
or
0
when
you
are
finished.
English
language
support
will
be
installed
by
default.
The
language
package
provides
support
for
other
languages.
Select
one
of
the
following
options
and
click
Next:
v
1
for
Next
v
2
for
the
Previous
screen
v
3
for
Cancel
v
4
to
Redisplay
12.
On
the
Database
Configuration
panel,
select
the
IBM
DB2
Universal
Database
as
your
Tivoli
Provisioning
Manager
2.1
database
a.
To
select
an
item,
enter
its
number,
or
0
when
you
are
finished.
By
default
the
installer
will
configure
your
database
instance
for
use
with
Tivoli
Provisioning
Manager.
enter
0
when
you
are
finished.
Notes:
1)
It
is
recommended
that
the
installer
configure
the
database
automatically.
If
you
wish
to
manually
configure
the
database
server,
do
the
following:
a)
Go
to
the
sectionAppendix
B,
“Manual
configurations,”
on
page
109
and
follow
the
steps
in
that
section
to
configure
the
database.
b)
Continue
with
the
Tivoli
Provisioning
Manager
installation13.
The
Database
Server
Configuration
panel
is
displayed
and
prompts
you
for
the
information
required
to
configure
your
database
server.
Complete
the
following
fields,
if
you
have
installed
IBM
DB2
Universal
Database
and
click
Next.
Notes:
a.
If
you
already
have
one
of
the
software
prerequisites
installed,
(for
example,
DB2
Universal
Database,
Tivoli
Directory
Server
or
WebSphere
Application
Server),
and
will
be
using
that
software
product
for
Tivoli
Chapter
12.
Installing
Tivoli
Provisioning
Manager
using
the
non-graphical
installer
71
Provisioning
ManagerTivoli
Intelligent
ThinkDynamic
Orchestrator,
ensure
that
it
does
not
have
a
space
in
the
installation
directory.
b.
If
you
installed
IBM
DB2
Universal
Database
using
the
installation
wizard
or
using
the
silent
installation
option,
the
user
IDs
and
directory
paths
you
enter
on
this
screen
must
match
those
entered
during
IBM
DB2
Universal
Database
installation.
For
more
information
on
these
database
user
IDs
and
how
they
are
used,
refer
to
your
database
product
documentation.
Fully
qualified
host
name
or
IP
Address
of
the
IBM
DB2
Universal
Database
server
Enter
the
fully
qualified
host
name.
For
example,
myhost.domain.com.
It
is
not
recommended
to
enter
the
IP
address.
Host
port
Enter
the
host
port
of
the
remote
database
instance.
Database
Name
for
the
IBM
Tivoli
Provisioning
Manager
database
Enter
the
name
of
a
new
and
unique
database
to
be
created
for
Tivoli
Provisioning
Manager.
The
Database
Name
must
not
be
longer
than
eight
characters
in
length
and
must
not
have
the
name
TIOINTER.
If
you
specify
the
name
of
an
existing
database,
then
those
tables
and
data
will
be
lost.
Database
server
instance
owner
This
is
the
user
ID
used
to
manage
the
database
instance.
Database
server
instance
owner
password
Enter
the
password
for
the
instance
owner
ID.
Database
User
Name
This
user
name
will
be
used
by
Tivoli
Provisioning
Manager
to
connect
to
the
database
server.
This
ID
can
either
be
the
same
as
the
Database
Server
Instance
Owner
or
another
existing
database
user
ID
on
the
database
server.
Ensure
that
the
Database
User
Name
belongs
to
SYSADM
group.
Database
user
password
This
is
the
database
user
name
created
by
the
installer.
Local
DB2
instance
SQLLIB
directory
The
installer
populates
this
field
with
the
default
DB2
instance
directory.
Verify
that
the
correct
path
is
entered
in
this
field.
If
multiple
instances
exist
on
this
server,
or
if
you
installed
to
a
directory
other
than
the
default,
the
installer
cannot
detect
which
instance
directory
is
to
be
used
with
Tivoli
Provisioning
Manager.
If
you
have
installed
your
database
server
on
a
remote
server,
enter
the
path
to
the
local
database
client
directory.14.
The
installer
then
checks
for
the
DB2
Universal
Database
prerequisites.
Select
1
for
Next
to
continue
with
the
installation
or
select
one
of
the
following
options:
v
2
for
the
Previous
screen
v
3
for
Cancel
v
4
to
Redisplay
15.
On
the
LDAP
configuration
screen,
select
the
type
of
directory
server
you
want
to
use
with
Tivoli
Provisioning
Manager
Select
from
the
options
provided:
v
[X]
1
-
IBM
Directory
Server
v
[
]
2
-
Microsoft
Active
Directory
72
Tivoli
Provisioning
Manager
Installation
Guide
||||||
a.
To
select
an
item,
enter
its
number,
or
0
when
you
are
finished.
Enter
0
when
you
are
finished.
Notes:
1)
It
is
recommended
that
the
installer
configure
the
directory
server
automatically.
For
advanced
users
who
wish
to
manually
configure
their
directory
server,
enter
the
item
number
corresponding
to
the
option
Do
not
perform
database
configuration
steps
and
do
the
following:
a)
Go
to
the
sectionAppendix
B,
“Manual
configurations,”
on
page
109
in
the
installation
guide
and
follow
the
steps
in
that
section
to
configure
the
directory
server.
b)
Continue
with
the
Tivoli
Provisioning
Manager
installation16.
The
LDAP
Configuration
panel
is
displayed
and
prompts
you
for
the
information
required
to
configure
your
directory
server.
Enter
the
information
and
click
Next.
Note:
If
you
have
selected
Enable
SSL
for
Runtime
Transactions,
you
must
complete
the
instructions
provided
in
the
section
Chapter
14,
“Establishing
secure
server
communication
using
SSL,”
on
page
87
after
installing
Tivoli
Provisioning
Manager
successfully.
Base
DN
The
default
value
is
dc=ibm,dc=com.
Change
this
to
reflect
your
domain
information.
LDAP
Administrator
User
Name
This
value
must
match
the
value
you
entered
in
“Setting
the
Administrator
DN
and
password”
on
page
51.
LDAP
Administrator
User
Password
Enter
the
password
for
the
LDAP
Administrator
user.
This
is
the
value
you
entered
in
“Setting
the
Administrator
DN
and
password”
on
page
51.
Fully
Qualified
Host
Name
or
IP
Address
Enter
the
fully
qualified
host
name.
For
example,
myhost.domain.com.
Host
Port
The
port
that
is
used
to
communicate
with
the
LDAP
server.
The
default
value
is
389.
If
you
are
using
Microsoft
Active
Directory,
refer
to
your
product
documentation
for
information
about
the
host
port
value.
LDAP
Client
Installation
Directory
Enter
the
appropriate
path.17.
Select
1
for
Next
to
continue
with
the
installation
or
select
one
of
the
following
options:
v
2
for
the
Previous
screen
v
3
for
Cancel
v
4
to
Redisplay
18.
On
the
WebSphere
Application
Server
configuration
screen,
provide
the
information
necessary
to
access
the
installed
version
of
WebSphere
Application
Server.
Chapter
12.
Installing
Tivoli
Provisioning
Manager
using
the
non-graphical
installer
73
DNS
Suffix
Name
This
must
be
the
DNS
domain.
For
example,
mycompany.com.
This
information
is
used
for
the
single
sign-on
functionality
in
WebSphere
Application
Server.
Installation
Directory
Verify
that
the
location
is
correct.19.
The
next
screen
provides
you
with
the
option
to
install
IBM
Tivoli
NetView,
a
network
management
software
package
that
discovers
TCP/IP
networks,
displays
network
topologies,
correlates
and
manage
events
and
SNMP
traps,
monitors
network
health,
and
gathers
performance
data,
but
it
is
not
required
to
run
Tivoli
Provisioning
Manager..
To
install
IBM
Tivoli
NetView:
a.
Select
Install
IBM
NetView,
and
then
select
one
of
the
options
below:
1)
Select
1
for
Next
to
continue
with
the
installation
or
select
one
of
the
following
options:
v
2
for
the
Previous
to
return
to
the
previous
screens
to
correct
the
appropriate
information
v
3
to
Cancel
v
4
to
Redisplay
b.
The
installer
will
prompt
you
for
the
Tivoli
NetView
CD
during
the
software
installation.
Insert
the
CD
and
continue
with
the
installation.
c.
On
the
Create
NetView
User
Account
panel,
enter
an
appropriate
password
and
then
follow
one
of
these
options:
1)
Select
1
for
Next
to
continue
with
the
installation
or
select
one
of
the
following
options:
v
2
for
the
Previous
to
return
to
the
previous
screens
to
correct
the
appropriate
information
v
3
to
Cancel
v
4
to
Redisplay
20.
The
next
screen
summarizes
the
installation
information
you
have
entered.
Review
the
information
to
ensure
that
it
is
accurate.
21.
Select
1
for
Next
to
continue
with
the
installation
or
select
one
of
the
following
options:
v
2
for
the
Previous
to
return
to
the
previous
screens
to
correct
the
appropriate
information.
v
3
to
Cancel
v
4
to
Redisplay
22.
As
Tivoli
Intelligent
ThinkDynamic
Orchestrator
is
being
installed,
the
screen
displays
the
progress
of
the
installation.
The
installation
is
complete
when
the
following
screen
is
displayed:Tivoli
Provisioning
Manager
has
been
successfully
installed.
23.
Select
Finish
to
exit
the
wizard.
Press
3
to
Finish
or
4
to
Redisplay.
24.
Restart
the
Tivoli
Provisioning
Manager
server.
You
have
successfully
completed
the
installation
of
74
Tivoli
Provisioning
Manager
Installation
Guide
Post-installation
steps
After
you
have
installed
Tivoli
Provisioning
Manager,
you
must
complete
the
tasks
in
this
section.
1.
Login
as
tioadmin.
The
tioadmin
user
has
to
be
granted
with
Log
On
As
Service
privileges,
which
is
not
currently
performed
by
installer.
To
grant
the
privilege,
do
the
following:
a.
Go
to
Start–
>
Programs–
>
Admin
tools
b.
Start
Local
Security
Policy
Management
console.
c.
In
that
console
go
to:
Local
Policies–
>User
Rights
Assignment
d.
Add
tioadmin
user
to
the
Log
on
as
service
property.2.
Edit
the
file
%TIO_HOME%\xml\datacentermodel.xml.
Search
for
the
variables
listed
below
and
replace
the
variable
with
the
appropriate
values.
Note:
TIO_HOME
is
the
folder
in
which
Tivoli
Provisioning
Manager
is
installed.
@MACADDR@
Replace
this
variable
with
the
MAC
address
of
the
network
interface
(NIC).
@NICIF@
Replace
this
variable
with
the
name
of
the
network
interface.
For
example,
eth0,
en0,
bge0,
Local
Area
Connection.
@TIOPWD@
Replace
this
variable
with
the
password
for
user
tioadmin.
@VLANID@
Replace
this
variable
with
the
VLAN
identifier
of
the
VLAN
to
which
the
Tivoli
Provisioning
Manager
server
is
attached.
For
example,
10,
203.
@MACHINEMODEL@
Replace
this
variable
with
the
description
of
the
hardware
model
of
the
Tivoli
Provisioning
Manager
server.
For
example,
iSeries
335,
IBM
7028-6C4.3.
Run
the
following
command
on
one
line
as
user
tioadmin:
%TIO_HOME%\tools\xmlimport.cmd
file:%TIO_HOME%\xml\datacentermodel.xml
You
must
specify
the
full
directory
path
to
the
datacentermodel.xml
file.
The
next
step
You
have
successfully
installed
and
configured
Tivoli
Provisioning
Manager.
You
can
now
log
on
to
the
application.
Refer
to
“Requirements
to
start
Tivoli
Provisioning
Manager”
on
page
105
and
“Stopping
Tivoli
Provisioning
Manager”
on
page
106
for
more
information.
Complete
the
steps
in
Appendix
B,
“Manual
configurations,”
on
page
109,
and
configure
the
directory
server,
depending
on
which
LDAP
server
you
are
configuring.
If
you
want
to
use
the
reporting
functionality
of
Tivoli
Provisioning
Manager,
you
must
install
and
configure
Tivoli
Data
Warehouse
1.2
and
the
Tivoli
Provisioning
Manager
Warehouse
Enablement
Pack,
as
described
in
Chapter
16,
“Displaying
reports
from
Tivoli
Data
Warehouse,”
on
page
101.
Chapter
12.
Installing
Tivoli
Provisioning
Manager
using
the
non-graphical
installer
75
76
Tivoli
Provisioning
Manager
Installation
Guide
Chapter
13.
Installing
Tivoli
Provisioning
Manager
using
the
silent
installer
This
chapter
provides
instructions
on
installing
Tivoli
Provisioning
Manager
using
the
silent
installation
method.
Tivoli
Provisioning
Manager
silent
installations
are
completed
using
the
InstallShield®MultiPlatform
product.
This
method
of
installing
is
recommended
for
advanced
users
who
prefer
to
complete
the
installation
by
inputting
the
required
information
through
a
response
file.
Silent
installation
can
be
done
in
two
ways:
v
“Installing
using
the
response
file
template”
on
page
78.
v
“Creating
the
response
file
template
during
installation”
on
page
82.
If
you
would
prefer
to
complete
the
installation
using
a
series
of
panels
that
prompt
you
for
the
information
that
is
required
for
each
step,
go
to
Chapter
11,
“Installing
and
configuring
Tivoli
Provisioning
Manager
using
the
graphical
installer,”
on
page
63.
If
the
target
machine
does
not
have
a
graphics
card
and
you
need
to
complete
the
installation
using
a
non-graphical
installer,
go
to
Chapter
12,
“Installing
Tivoli
Provisioning
Manager
using
the
non-graphical
installer,”
on
page
69.
Before
you
begin
This
section
describes
the
information
and
procedures
you
must
follow
before
you
complete
the
procedures
in
this
chapter.
v
Ensure
that
you
have
completed
the
steps
in
Chapter
8,
“Applying
mandatory
patches
to
Tivoli
Directory
Server
and
the
WebSphere
Application
Server,”
on
page
49.
v
Ensure
that
you
have
the
required
CDs
for
the
Tivoli
Provisioning
Manager
installation
based
on
the
topology
you
have
chosen:
–
For
a
one-node
topology
installation,
see
page
21.
–
For
a
two-node
topology
installation
–
remote
directory
server
configuration,
see
page
22.
–
For
a
two-node
topology
installation
–
remote
database
and
directory
server
configuration,
see
page
23.
–
For
a
three-node
topology
installation,
see
page
25.
Note:
For
details
about
the
supported
topologies
for
Tivoli
Provisioning
Manager,
see
Chapter
2,
“Supported
hardware
and
software,”
on
page
11
and
Chapter
3,
“Supported
topologies,”
on
page
15.
If
you
wish
to
install
IBM
Tivoli
NetView,
install
en_US
system
locale
support.
Limitations
of
installing
from
a
response
file
The
command
line
installation
method
has
the
following
limitations:
©
Copyright
IBM
Corp.
2003,
2004
77
v
You
cannot
install
using
multiple
installation
CDs.
You
must
copy
all
installation
media
to
your
hard
drive
or
other
file
system.
This
includes
Tivoli
Netview,
Tivoli
Enterprise
Data
Warehouse,
warehouse
pack
media.
The
installation
program
does
not
prompt
for
media
when
running
silently.
IBM
Tivoli
Netview
is
not
supported
on
Linux
iSeries
To
resolve
this
issue:
1.
Create
an
installation
directory
on
the
Tivoli
Provisioning
Manager
server.
For
example:
\netview_install_dir
Limitation:
Tivoli
Provisioning
Manager
cannot
be
installed
into
a
directory
path
which
contains
double-byte
characters.
You
must
select
an
installation
directory
that
utilizes
single-byte
characters
only.
2.
Create
a
subdirectory
for
each
of
the
installation
CDs.
For
example:
\netview_install_dir\tiodisk1
for
CD1.
Repeat
the
same
for
all
the
CDs
that
are
required
according
to
your
topology.
3.
Place
each
CD
in
the
CD-ROM
drive,
and
copy
the
images
from
each
CD
to
its
own
subdirectory
of
the
installation
directory
on
the
Tivoli
Provisioning
Manager
server.
Note:
The
name
you
choose
for
the
installation
directory
must
be
specified
in
the
response
file
template.v
You
cannot
install
support
for
languages
other
than
English
during
a
silent
installation.
Install
language
support
before
the
silent
installation.The
default
language
for
Tivoli
NetView
is
English.
This
is
a
known
limitation
for
Tivoli
NetView.
Installing
using
the
response
file
template
To
install
the
Tivoli
Provisioning
Manager,
using
the
response
file
template
that
was
provided
in
the
CD,
do
the
following:
1.
Log
on
as
Administrator.
If
you
are
on
a
Windows
2003
system,
run
the
following
command
before
starting
the
PICS
installer:
change
user
/install
2.
Ensure
that
the
directory
server,
the
database
servers
and
WebSphere
Application
Server
is
started.
3.
Locate
the
response
file
template
install_templ.req
in
the
tools\install_templates
directory.
This
can
be
found
in
the
directory
where
the
contents
of
Tivoli
Provisioning
Manager
CD
were
copied.
4.
Rename
and
save
a
copy
of
the
original
template.
Use
this
copy
as
your
working
copy.
5.
Open
the
working
copy
in
an
editor
and
change
the
parameter
values
in
the
file
as
appropriate
for
your
choice
of
products
and
configuration.
Refer
to
the
section“Specifying
response
file
values”
on
page
41
below
for
the
values
for
each
variable.
6.
After
editing
the
response
file,
open
a
DOS
command
window,
change
to
root
directory
of
the
CD-ROM
drive
that
contains
the
installation
CD.
Start
the
installer
by
typing
the
following
command.
Replace
the
variable
file_name
with
the
file
name
with
which
you
have
saved
the
original
template.
start
/W
setupwin32.exe
-options
file_name
-silent
Note:
You
must
prefix
the
command
with
start
/W
otherwise
the
installer
will
not
complete
properly.
78
Tivoli
Provisioning
Manager
Installation
Guide
7.
Start
the
silent
installation
of
the
using
the
command.
Replace
the
variable
file_name
with
the
file
name:
start
/W
setupwin32.exe
-options
file_name
-silent
8.
The
installer
begins
to
install
all
the
options
that
were
selected
in
the
response
file.
This
will
take
a
few
minutes.
The
cursor
will
keep
blinking
on
the
command
prompt.
This
indicates
that
the
installation
is
in
progress.
The
command
prompt
appears
again.
The
Tivoli
Provisioning
Manager
has
now
been
installed
successfully.
9.
Restart
the
Tivoli
Provisioning
Manager
server.
10.
After
installation,
refer
to
the
log
files
to
determine
if
the
silent
installation
was
successful.
For
more
information
on
the
log
files,
refer
the
section
Appendix
E,
“Installation
log
files,”
on
page
121.
Specifying
the
response
file
values
To
edit
the
response
file
template:
1.
Locate
the
lines
with
the
leading
###
characters.
2.
Specify
a
value
for
a
setting
by
replacing
the
value
variable
with
the
appropriate
values.
Refer
the
table
below
for
description
on
each
of
the
variables.
3.
Remove
the
leading
###
characters
from
the
beginning
of
the
lines.
4.
Save
the
changes
to
the
file.
Note:
The
passwords
in
the
response
file
accept
only
encrypted
values.
If
the
response
file
is
being
created
to
run
the
installation,
then,
you
must
get
the
encrypted
value
of
the
password.
Do
not
enter
the
text
password
in
the
password
value
field.
To
get
the
encrypted
value
of
the
password:
1.
Run
the
script
named
encrypt.bat
located
in
the
tools
directory
on
the
CD.
2.
Run
the
command:
encrypt.bat
text_password.
Replace
the
variable
text_password
with
your
text
password.
3.
Write
down
the
encrypted
value
of
the
password
that
is
generated.
Table
5.
Response
file
values
User
Input
Field
Description
-W
cygwinbean.cygwin_dir="<value>"
Windows
only.
Replace
value
with
the
full
path
of
Cygwin
installation
directory.
-W
WzdIP_NetViewWin.Password="<value>"
Windows
only.
Replace
value
with
the
encrypted
password
value
of
user
that
would
be
created
if
Netview
is
installed.
-W
WzdIP_NetViewWin.VerifyPassword
="<value>"
Windows
only.
Replace
value
with
the
encrypted
password
value
of
user
that
would
be
created
if
Netview
is
installed.
-W
WzdIP_TCHome.TCHome="<value>"
Replace
value
with
the
full
path
of
the
Tivoli
Provisioning
Manager
installation
directory.
-W
WzdIP_UsrGrpName_Disp.
Password="<value>"
Replace
value
with
the
encrypted
value
of
the
tioadmin
password.
Note:
Enter
a
text
password
that
adheres
to
the
security
standards
on
theTivoli
Provisioning
Manager
server
to
ensure
that
the
tioadmin
user
creation
is
successful.
Chapter
13.
Installing
Tivoli
Provisioning
Manager
using
the
silent
installer
79
Table
5.
Response
file
values
(continued)
User
Input
Field
Description
-W
WzdIP_UsrGrpName_Disp.
VerifyPassword="<value>"
Replace
value
with
the
encrypted
value
of
the
tioadmin
password
entered
previously
.
-W
WzdIP_LangPack.ChkInstall
LangPack
="<value>"
Replace
value
with
the
value
of
1
if
language
pack
option
is
required.
Leave
the
value
field
empty
if
this
option
is
not
required.
-W
WzdIP_DBType.DBType="<value>"
Replace
variable
with
the
type
of
database.
Enter
in
lower
case:
db2
or
oracle,
depending
on
the
type
of
database
server
you
use.
-W
WzdIP_DBType.
ConfigChoice="<value>"
It
is
recommended
that
the
installer
configure
the
database
automatically.
Leave
the
field
blank
if
installer
is
configuring
the
database
automatically.
If
you
wish
to
manually
configure
the
database
server,
enter
1.
-W
WzdIP_DB2.HostName="<value>"
Fully
qualified
host
name
of
the
DB2
Universal
Database
server.
-W
WzdIP_DB2.Port="<value>"
Port
number
of
the
DB2
Universal
Database
instance
you
wish
to
connect
to.
-W
WzdIP_DB2.DBName="<value>"
Enter
the
name
of
a
new
and
unique
database
to
be
created
for
Tivoli
Provisioning
Manager.
The
Datbase
Name
must
not
be
longer
than
eight
characters
and
must
not
have
be
TIOINTER.
If
you
specify
the
name
of
an
existing
database,
the
those
tables
and
data
will
be
lost.
Leave
the
value
of
the
field
empty
if
the
value
of
the
-W
WzdIP_DBType.ConfigChoice
field
is
empty.
-W
WzdIP_DB2.Admin
AccessName="<value>"
This
is
the
user
ID
used
to
manage
the
database
instance.
-W
WzdIP_DB2.Admin
Password="<value>"
Encrypted
value
of
theDB2
Universal
Database
instance
owner’s
password.
-W
WzdIP_DB2.DBUser
Name="<value>"
This
user
name
will
be
used
by
Tivoli
Provisioning
Manager
to
connect
to
the
database
server.
This
ID
can
either
be
the
same
as
the
Database
Server
Instance
Owner
or
another
existing
database
user
ID
on
the
database
server.
Ensure
that
the
Database
User
Name
belongs
to
SYSADM
group.
-W
WzdIP_DB2.DBUserPwd="<value>"
Enter
the
encrypted
value
for
the
password
of
the
database
user
ID.
-W
WzdIP_DB2.ClientDir="<value>"
Replace
value
with
the
full
path
of
local
DB2
Universal
Database
instanceSQLLIB
directory.
.
Verify
that
the
correct
path
is
entered
in
this
field.
If
multiple
instances
exist
on
this
server,
or
the
client
was
installed
to
a
directory
other
than
the
default,
the
installer
cannot
detect
which
instance
directory
is
to
be
used
with
Tivoli
Provisioning
Manager.
If
you
have
installed
your
database
server
on
a
remote
server,
enter
the
path
to
the
local
database
client.
80
Tivoli
Provisioning
Manager
Installation
Guide
Table
5.
Response
file
values
(continued)
User
Input
Field
Description
-W
WzdIP_Oracle.DBName="<value>"
Replace
value
with
the
SID
that
is
used
to
connect
to
the
Tivoli
Provisioning
Manager
database.
-W
WzdIP_Oracle.AdminName="<value>"
Replace
value
with
the
user
name
of
the
database
administrator
for
Oracle.
For
example,
the
default
user
names
are:
SYS
and
SYSTEM.
Do
not
use
the
operating
system
account
of
the
database
administrator.
-W
WzdIP_Oracle.AdminPassword="<value>"
Replace
value
with
the
encrypted
value
for
the
password
of
the
database
administrator.
-W
WzdIP_Oracle.UserName="<value>"
This
is
the
database
user
name
created
by
the
installer.
Replace
value
with
a
unique
database
user
name.
If
option
1
was
chosen
for
the
field,
-W
WzdIP_DBType.ConfigChoice,
replace
value
with
the
name
of
the
user
currently
existing
in
the
database.
Note:
The
user
name
that
is
created,
if
manually
configuring
the
database,
must
be
used
here.
-W
WzdIP_Oracle.Password="<value>"
Replace
value
with
the
encrypted
password
for
the
database
user
ID.
-W
WzdIP_Oracle.ClientDir="<value>"
Enter
the
directory
path
to
the
local
database
client.
-W
WzdIP_LDAPType.LDAPType="<value>"
Replace
variable
with
the
type
of
LDAP
server.
Enter
in
lower
case:
msad
or
ibmds
,
depending
on
the
type
of
LDAP
server
you
use.
WzdIP_LDAPType.Config
Choice="<value>"
It
is
recommended
that
the
installer
configure
the
database
automatically.
Leave
the
field
blank.
If
you
wish
to
manually
configure
the
database
server,
enter
1.
-W
WzdIP_IBMDS.BaseDN="<value>"
The
default
value
is
dc=ibm,dc=com.
Change
this
to
reflect
your
domain
information.
-W
WzdIP_IBMDS.AdminName="<value>"
This
value
must
match
the
value
you
entered
in
“Setting
the
Administrator
DN
and
password”
on
page
51.
-W
WzdIP_IBMDS.AdminPassword="<value>"
Replace
value
with
the
encrypted
value
of
the
LDAP
root
administrator
password.
This
is
the
value
you
entered
in
“Setting
the
Administrator
DN
and
password”
on
page
51.
-W
WzdIP_IBMDS.HostName="<value>"
Replace
value
with
the
fully
qualified
host
name
of
the
IBM
Directory
Server.
For
example,
myhost.domain.com
-W
WzdIP_IBMDS.Port="<value>"
Replace
value
with
the
port
that
is
used
to
communicate
with
the
LDAP
server.
The
default
value
is
389.
Chapter
13.
Installing
Tivoli
Provisioning
Manager
using
the
silent
installer
81
Table
5.
Response
file
values
(continued)
User
Input
Field
Description
-W
WzdIP_IBMDS.ClientDir="<value>"
Replace
value
with
the
installation
directory
of
the
local
client.
-W
WzdIP_IBMDS.SSLEnabled="<value>"
Replace
value
with
a
value
of
1,
if
it
needs
to
be
SSL
enabled.
Leave
the
value
field
empty
if
this
option
is
not
required.
-W
WzdIP_MSADInput.BaseDN="<value>"
Replace
value
with
the
BaseDN
value
of
the
directory
server.
For
example:
dc=ibm,dc=com
-W
WzdIP_MSADInput.AdminName="<value>"
Replace
value
with
the
administrator’s
account
for
LDAP
root
.
This
value
must
match
the
value
you
entered
in
2
on
page
51.
For
example:
cn=root
-W
WzdIP_MSADInput.AdminPassword="<value>"
Replace
with
encrypted
value
of
the
password
of
the
LDAP
root
administrator
password.
-W
WzdIP_MSADInput.HostName="<value>"
Replace
value
with
the
fully
qualified
host
name
of
the
Directory
Server.
-W
WzdIP_MSADInput.Port="<value>"
Replace
value
with
the
port
number
that
is
used
to
communicate
with
the
LDAP
server.
-W
WzdIP_MSADInput.SSLPort="<value>"
Replace
value
with
the
SSL
port
number
of
the
Directory
Server.
-W
WzdIP_MSADInput.SSLEnabled="<value>"
Replace
value
with
a
value
of
1,
if
it
needs
to
be
SSL
enabled.
Leave
the
value
field
empty
if
this
option
is
not
required.
If
you
have
provided
the
checked
the
value
of
1,
to
enable
SSL,
then,
you
must
complete
the
instructions
provided
in
the
section
Chapter
14,
“Establishing
secure
server
communication
using
SSL,”
on
page
87
after
installing
Tivoli
Provisioning
Manager
successfully.
-W
WzdIP_WAS.DNSSuffixName="value"
Replace
value
with
the
DNS
suffix
name.
-W
WzdIP_WAS.InstallDir="<value>"
Replace
value
with
WebSphere
Application
Server
installation
directory.
-W
WzdIP_NetView.
ChkNetViewInstall="<value>"
Enter
the
value
of
1
if
Netview
requires
to
be
installed.
Leave
the
value
field
empty
if
this
option
is
not
required.
Creating
the
response
file
template
during
installation
Creating
the
response
file
installs
Tivoli
Provisioning
Manager
and
records
the
options
you
select
in
a
response
file.
1.
Log
on
as
user
with
administrator
privileges.
If
you
are
on
a
Windows
2003
system,
run
the
following
command
before
installing
the
application:
change
user
/install
2.
To
create
a
response
file,
start
the
installation
by
running
the
following
command
in
a
DOS
command
prompt.
Replace
the
variable
file_name
with
the
file
name
with
which
you
have
saved
the
original
template.
82
Tivoli
Provisioning
Manager
Installation
Guide
start
/W
setupwin32.exe
-options-record
file_name
Note:
You
must
prefix
the
command
with
start
/W
otherwise
the
installer
will
not
complete
properly.
3.
Running
the
command,
starts
the
graphic
installer.
Refer
the
Chapter
11,
“Installing
and
configuring
Tivoli
Provisioning
Manager
using
the
graphical
installer,”
on
page
63
for
more
information.
After
the
installation,
the
response
file
is
created
with
all
the
options
that
is
recorded.
Once
the
installation
is
complete,
the
command
prompt
appears
again.
4.
The
Tivoli
Provisioning
Manager
has
now
been
installed
successfully.
Restart
the
Tivoli
Provisioning
Manager
server.
5.
After
installation,
refer
to
the
log
files
to
determine
if
the
silent
installation
was
successful.
For
more
information,
refer
the
section,
Appendix
E,
“Installation
log
files,”
on
page
121.
Post-installation
steps
After
you
have
installed
Tivoli
Provisioning
Manager,
you
must
complete
the
tasks
in
this
section.
1.
Login
as
tioadmin.
The
tioadmin
user
has
to
be
granted
with
Log
On
As
Service
privileges,
which
is
not
currently
performed
by
installer.
To
grant
the
privilege,
do
the
following:
a.
Go
to
Start–
>
Programs–
>
Admin
tools
b.
Start
Local
Security
Policy
Management
console.
c.
In
that
console
go
to:
Local
Policies–
>User
Rights
Assignment
d.
Add
tioadmin
user
to
the
Log
on
as
service
property.2.
Edit
the
file
%TIO_HOME%\xml\datacentermodel.xml.
Search
for
the
variables
listed
below
and
replace
the
variable
with
the
appropriate
values.
@MACADDR@
Replace
this
variable
with
the
MAC
address
of
the
network
interface
(NIC).
@NICIF@
Replace
this
variable
with
the
name
of
the
network
interface.
For
example,
eth0,
en0,
bge0,
Local
Area
Connection.
@TIOPWD@
Replace
this
variable
with
the
password
for
user
tioadmin.
@VLANID@
Replace
this
variable
with
the
VLAN
identifier
of
the
VLAN
to
which
the
Tivoli
Provisioning
Manager
server
is
attached.
For
example,
10,
203.
@MACHINEMODEL@
Replace
this
variable
with
the
description
of
the
hardware
model
of
the
Tivoli
Provisioning
Manager
server.
For
example,
iSeries
335,
IBM
7028-6C4.3.
Run
the
following
command
on
one
line
as
user
tioadmin:
%TIO_HOME%\tools\xmlimport.cmd
file:%TIO_HOME%\xml\datacentermodel.xml
You
must
specify
the
full
directory
path
to
the
datacentermodel.xml
file.
Chapter
13.
Installing
Tivoli
Provisioning
Manager
using
the
silent
installer
83
The
next
steps
After
installing
and
configuring
Tivoli
Provisioning
Manager,
log
on
to
the
application.
For
more
information,
see
“Requirements
to
start
Tivoli
Provisioning
Manager”
on
page
105
and
“Stopping
Tivoli
Provisioning
Manager”
on
page
106.
If
you
want
to
use
the
reporting
functionality
of
Tivoli
Provisioning
Manager,
you
must
install
and
configure
Tivoli
Data
Warehouse
1.2
and
the
Tivoli
Provisioning
Manager
Warehouse
Enablement
Pack,
as
described
in
Chapter
16,
“Displaying
reports
from
Tivoli
Data
Warehouse,”
on
page
101.
To
view
the
reports,
you
must
first
enable
the
warehouse
pack.
For
more
information,
see
Chapter
16,
“Displaying
reports
from
Tivoli
Data
Warehouse,”
on
page
101.
84
Tivoli
Provisioning
Manager
Installation
Guide
Part
5.
Post-installation
tasks
This
section
contains
information
on
enabling
SSL,
configuring
SSH
and
installing
the
Tivoli
Data
Warehouse,
Warehouse
Enablement
Pack.
This
section
includes
the
following
chapters:
v
Chapter
14,
“Establishing
secure
server
communication
using
SSL,”
on
page
87
v
Chapter
15,
“Configuring
OpenSSH,”
on
page
97
v
Chapter
16,
“Displaying
reports
from
Tivoli
Data
Warehouse,”
on
page
101
©
Copyright
IBM
Corp.
2003,
2004
85
86
Tivoli
Provisioning
Manager
Installation
Guide
Chapter
14.
Establishing
secure
server
communication
using
SSL
Secure
Sockets
Layer
(SSL)
connections
rely
on
the
existence
of
digital
certificates.
A
digital
certificate
reveals
information
about
its
owner,
including
their
identity.
During
the
initialization
of
an
SSL
connection,
the
server
must
present
its
certificate
to
the
client
for
the
client
to
determine
the
server
identity.
The
client
can
also
present
the
server
with
its
own
certificate
for
the
server
to
determine
the
client
identity.
SSL
is
therefore,
a
means
of
propagating
identity
between
components.
This
solution
assumes
that
WebSphere
Application
Server
is
installed
and
configured
with
Tivoli
Directory
Server
without
SSL
being
enabled.
Communication
between
the
Tivoli
Provisioning
Manager,
WebSphere
Application
Server,
Tivoli
Directory
Server,
and
the
client
can
be
secured
using
SSL.
The
complete
solution
involves
the
SSL
configuration
between
WebSphere
Application
Server,
Tivoli
Provisioning
Manager,
and
the
Tivoli
Directory
Server.
Two
certificates
are
required
to
accomplish
the
configuration:
v
One
certificate
is
required
for
the
SSL
communication
between
the
client
and
WebSphere
Application
Server.
v
A
second
certificate
is
required
for
Tivoli
Directory
Server
and
Tivoli
Provisioning
Manager.
Note:
For
information
on
configuring
SSL
when
you
are
installing
Microsoft
Active
Directory,
see
“Configuring
SSL
for
Windows
2000”
on
page
55,
or
“Configuring
SSL
for
Windows
2003
Server”
on
page
57,
depending
on
which
machine
you
are
using.
The
global
security
kit
(GSKit)
Secure
Sockets
Layer
(SSL)
communication
in
Tivoli
Provisioning
Manager
is
provided
by
installing
the
IBM
Global
Security
Kit
(GSKit)
on
the
workstation
hosting
your
Web
server.
This
kit
helps
the
Web
server
connect
to
your
Application
Server.
To
determine
the
version
of
GSKit
installed,
use
the
gsk7ver
command,
located
within
the
GSKit
installation
directory
tree.
The
gsk7ver
command
invokes
all
of
the
GSKit
shared
libraries
and
displays
version
information
about
each
library.
The
default
location
is:
C:\Program
Files\IBM\gsk7\bin
For
more
information
see
the
IBM
Global
Security
Kit
Secure
Sockets
Layer
Introduction
and
iKeyman
User
Guide.
The
key
management
utility
(iKeyman)
WebSphere
Application
Server
provides
a
graphical
tool,
the
key
management
utility
(iKeyman),
for
managing
keys
and
certificates.
With
iKeyman
you
can:
v
Create
a
new
key
database.
v
Create
a
self-signed
digital
certificate.
v
Add
certificate
authority
(CA)
roots
to
the
key
database
as
a
signer
certificate.
v
Request
and
receive
a
digital
certificate
from
a
CA.
©
Copyright
IBM
Corp.
2003,
2004
87
To
start
the
key
management
utility
(iKeyman)
1.
Move
to
theinstall_root/bin
directory.
2.
Issue
the
command
ikeyman.batikeyman.sh
to
invoke
(iKeyman).
3.
A
graphical
user
interface
of
the
key
management
utility
appears.
About
keystores
The
keystore
file
is
a
key
database
file
that
contains
both
public
keys
and
private
keys.
Public
keys
are
stored
as
signer
certificates
while
private
keys
are
stored
in
the
personal
certificates.
The
keys
are
used
for
a
variety
of
purposes,
including
authentication
and
data
integrity.
Four
keystores
and
two
self-signed
certificates
are
needed
for
the
SSL
configuration.
GSKit
manages
the
different
types
of
keystore
including
CMS,
JKS,
JCEKS,
and
PKCS12.
About
self-signed
certificates
A
self-signed
personal
certificate
is
a
temporary
digital
certificate
you
issue
to
yourself,
acting
as
the
certificate
authority
(CA).
Creating
a
self-signed
certificate
creates
a
private
key
and
a
public
key
within
the
key
database
file.
The
self-signed
certificate
is
created
in
a
keystore
file
and
it
is
useful
when
you
develop
and
test
your
application.
It
is
possible
to
use
either
self-signed
certificates
or
signing
certificates
signed
by
a
CA
(Certificate
Authority)
to
enable
LDAP
over
SSL.
The
important
point
to
note
is
that
any
certificates
required
to
establish
the
full
certificate
signing
trust
chain
must
be
made
available
to
WebSphere
Application
Server
and
the
client.
For
a
self-signed
certificate,
the
certificate
trust
chain
consists
of
only
the
one
self-signed
LDAP
server
certificate.
For
a
certificate
signed
by
a
CA,
the
certificate
chain
confirming
the
identity
and
validity
of
the
signing
CA
must
be
included.
Either
a
purchased
certificate
or
a
self-generated
CA
signing
certificate
may
be
used.
Creating
keystores
and
self-signed
certificates
This
section
explains
the
process
of
creating
keystores
and
self-signed
certificates.
Creating
a
keystore
for
the
Tivoli
Directory
Server
This
section
describes
how
to
create
a
keystore
for
the
Tivoli
Directory
Server.
The
LDAP
Keystore,
LDAP_SSL.kdb,
contains
a
self-signed
certificate.
1.
Launch
the
IBM
ikeyman
tool.
2.
Create
a
new
key
database
to
store
the
certificate.
You
can
manage
multiple
certificates
in
the
single
key
database.
3.
From
the
ikeyman
menu
bar,
select
Key
Database
File
->
New
4.
Apply
the
following
settings
and
click
OK
when
you
are
done:
v
Key
database
file:
CMS
v
File
name:
LDAP_SSL.kdb
v
Location:
For
example:
IDS_installdir\keys
.
Replace
IDS_installdir
with
the
Tivoli
directory
server
installation
directory.5.
At
the
password
prompt
window,
enter
an
appropriate
password.
The
more
random
the
password,
the
higher
the
password
strength.
6.
Select
the
Stash
the
password
to
a
file
option
check-box.
The
password
is
now
stored
as
an
encrypted
database
password
in
a
stash
file.
7.
Click
Key
Database
File
-->
Exit.
88
Tivoli
Provisioning
Manager
Installation
Guide
Obtaining
a
personal
certificate
from
a
Certificate
Authority
If
you
plan
to
use
a
certificate
from
a
Certificate
Authority
(such
as
VeriSign(R)),
instead
of
a
self-signed
certificate,
you
must
request
the
certificate
from
the
CA
and
then
receive
it
after
it
has
been
completed.
If
you
plan
to
use
a
self-signed
certificate,
skip
this
section
and
go
to
“Creating
and
extracting
a
Self-signed
Certificate
for
the
Tivoli
Directory
Server.”
To
request
and
receive
a
certificate:
1.
Use
gsk4ikm
to
request
a
certificate
from
a
CA
and
then
receive
the
new
certificate
into
your
key
database
file.
2.
Click
the
Personal
Certificate
Requests
section
of
the
key
database
file.
3.
Click
New.
4.
Fill
in
all
the
information
to
produce
a
request
that
can
be
sent
to
the
Certificate
Authority.
5.
Click
OK.
6.
After
the
CA
returns
the
certificate,
you
can
instal
it
into
your
key
database
file
by
clicking
the
Personal
Certificates
section,
and
then
clicking
Receive.
7.
After
you
have
the
LDAP
client’s
certificate
in
the
key
database
file,
you
can
add
the
client
certificate
to
the
LDAP
server.
Go
to
″Adding
a
Signer
Certificate″.
Creating
and
extracting
a
Self-signed
Certificate
for
the
Tivoli
Directory
Server
If
you
obtained
a
certificate
from
a
known
Certificate
Authority,
as
described
in
“Obtaining
a
personal
certificate
from
a
Certificate
Authority,”
skip
this
section
and
go
to
“Enabling
SSL”
on
page
91.
To
create
a
new
self-signed
certificate
and
store
it
into
the
key
database
file:
1.
Use
iKeyman
to
open
the
LDAP_SSL.kdb
key
file.
The
IBM
Key
Management
window
title
bar
shows
the
name
of
the
key
database
file
you
selected,
indicating
that
the
file
is
open
and
ready.
2.
Select
Create
->
New
Self-Signed
Certificate
to
create
a
new
private-public
self-sign
certificate
key
pair.
3.
Apply
the
following
settings
and
then
click
OK
when
you
are
done.
v
Key
Label:
LDAPSSL
v
Version:
X509
V3
v
Key
Size:
1024
v
Common
Name:
host
name.
Replace
value
with
the
fully
qualified
host
name
such
as
myorg.mycompany.com
v
Organization
(optional):
Replace
with
your
company’s
name.
v
Locality
(optional):
(For
example:
RTP)
v
State/province
(optional):
(For
example:
North
Carolina)
v
Zipcode
(optional):
(For
example:
NC
27709)
v
Country:
(For
example:
US)
v
Validity
Period:
3654.
This
completes
the
creation
of
the
LDAP
server’s
personal
certificate.
It
should
appear
in
the
Personal
Certificates
section
of
the
key
database
file.
Use
the
middle
bar
of
the
Key
Management
Tool
to
select
between
the
types
of
certificates
kept
in
the
key
database
file.
The
certificate
should
also
appear
in
the
Signer
Certificates
section
of
the
key
database
file.
When
you
are
in
the
Chapter
14.
Establishing
secure
server
communication
using
SSL
89
|||
Signer
Certificates
section
of
the
Key
Database,
verify
that
the
new
certificate
is
there.
Next,
you
must
extract
your
LDAP
server’s
certificate
to
a
Binary
DER
data
data
file.
5.
Extract
the
public
self-signed
certificate
key
using
Extract
Certificate,
as
this
will
be
used
later
by
WebSphere
Application
Server
to
encrypt
LDAP
authentication
request
sent
to
the
Tivoli
Directory
Server.
6.
Select
the
Personal
Certificates
in
the
ikeyman
drop-down
menu
and
select
the
LDAP
SSL
certificate
named
ldapSSLCert.der.
7.
Click
the
Extract
Certificate
button,
ensuring
that
LDAP
SSL
remains
selected.
In
the
window
entitled
Extract
a
Certificate
to
a
File,
enter
the
values
shown
below
and
click
OK
when
you
are
finished.
Supplement
your
own
values
where
necessary.
v
Data
type:
Binary
DER
data
v
Certificate
filename:LDAPSSLcert.der
v
Type
the
location
where
you
want
to
store
the
extracted
certificate
:
For
example:
IDS_installdir\keys
.
Replace
IDS_installdir
with
the
Tivoli
directory
server
installation
directory.
v
Close
the
key
database
and
quit
ikeyman
when
you
are
finished.8.
Click
OK.
You
can
now
configure
the
LDAP
server
to
enable
SSL.
Go
to
“Configure
Tivoli
Directory
Server
to
use
SSL”
on
page
91
Creating
a
keystore
on
WebSphere
Application
Server
to
enable
SSL
access
from
the
client
For
SSL
communication
between
WebSphere
and
the
client,
create
a
keystore,
Webspheressl.jks.
It
will
contain
a
self-signed
certificate
for
external
SSL
communication
with
the
client
browsers.
1.
Launch
IBM
ikeyman
tool.
2.
Create
a
new
key
database
to
store
the
certificate.
You
can
manage
multiple
certificates
in
the
single
key
database.
3.
From
the
ikeyman
menu
bar,
select
Key
Database
File
->
New
4.
Apply
following
settings
and
click
OK
when
you
are
done:
v
Key
database
file:
Use
the
default
jks
format.
v
File
name:
webspheressl.jks
v
Location:
\WAS_INSTALLDIR\etc
5.
At
the
password
prompt
window,
enter
the
password
of
your
choice.
The
more
random
the
password,
the
higher
the
password
strength.
6.
Select
Stash
the
password
to
a
file
option
check-box.
The
password
is
now
stored
as
an
encrypted
database
password
in
a
stash
file.
Creating
self-signed
personal
certificate
for
theWebSphere
Application
Server
If
you
obtained
a
certificate
from
a
known
Certificate
Authority,
as
described
in
“Obtaining
a
personal
certificate
from
a
Certificate
Authority”
on
page
89,
skip
this
section.
To
create
a
new
self-signed
certificate
and
store
it
into
the
key
database
file,
complete
the
following
steps:
1.
Use
iKeyman
to
open
the
webspheressl.jks
key
file.
The
IBM
Key
Management
window
title
bar
shows
the
name
of
the
key
database
file
you
selected,
indicating
that
the
file
is
open
and
ready.
90
Tivoli
Provisioning
Manager
Installation
Guide
2.
From
ikeyman
menu
bar,
select
Create
->
New
Self-Signed
Certificate
to
create
a
new
private-public
self-sign
certificate
key
pair.
3.
Apply
following
settings
and
click
OK
when
you
are
done.
v
Key
Label:
UMI
WAS
Self
Signed
v
Version:
X509
V3
v
Key
Size:
1024
v
Common
Name:
host
name.
Replace
value
with
the
fully
qualified
host
name
such
as
myorg.mycompany.com
v
Organization
(optional):
Replace
with
your
company’s
name.
v
Locality
(optional):
(For
example:
RTP)
v
State/province
(optional):
(For
example:
North
Carolina)
v
Zipcode
(optional):
(For
example:
NC
27709)
v
Country:
(For
example:
US)
v
Validity
Period:
3654.
Save
and
Exit.
Creating
a
keystore
from
the
WebSphere
Application
Server
to
Tivoli
Directory
Server
For
SSL
communication
between
WebSphere
and
the
Tivoli
Directory
Server,
create
a
keystore,
WASLDAPSSL.jks.
It
will
contain
a
self-signed
certificate
for
internal
SSL
communication
with
the
Tivoli
Directory
Server.
The
Tivoli
Directory
Server
Keystore,
LDAP_SSL.kdb,
which
contains
a
self-signed
certificate
will
be
distributed
and
imported
into
to
WASLDAPSSL.jks
of
WebSphere
Application
Server
and
the
Tivoli
Provisioning
Manager
keystores.
This
certificate
is
mainly
for
internal
use.
1.
Launch
IBM
ikeyman
tool
that
was
installed
during
WebSphere
Portal
installation
and
supports
CMS
key
database
format.
2.
Create
a
new
key
database
to
store
the
certificate.
You
can
manage
multiple
certificates
in
the
single
key
database.
3.
From
the
ikeyman
menu
bar,
select
Key
Database
File
->
New
4.
Apply
following
settings
and
click
OK
when
you
are
done:
v
Key
database
file:
Use
the
default
jks
format.
v
File
name:
WASLDAPSSL.jks
v
Location:
For
example:
\WAS_INSTALLDIR\etc
5.
At
the
password
prompt
window,
enter
an
appropriate
password.
The
more
random
the
password,
the
higher
the
password
strength.
6.
Select
Stash
the
password
to
a
file
option
check-box.
The
password
is
now
stored
as
an
encrypted
database
password
in
a
stash
file.
Enabling
SSL
This
chapter
provides
information
on
enabling
SSL
on
Tivoli
Directory
Server
and
Tivoli
Provisioning
Manager.
Configure
Tivoli
Directory
Server
to
use
SSL
To
configure
the
LDAP
server
to
use
SSL:
1.
Make
sure
that
the
LDAP
server
is
installed
and
running
if
you
will
be
using
LDAP
as
the
user
registry.
Chapter
14.
Establishing
secure
server
communication
using
SSL
91
2.
Launch
Tivoli
Directory
Server
Web
Administration.
3.
Ensure
that
the
user
account
with
which
you
are
logging
in
has
administrative
privileges.
Select
Server
administration
->
Manage
security
properties
->
SSL
key
database,
fill
in
the
information
and
click
OK.
Do
not
enter
the
password
since
the
password
stash
file
is
generated
when
creating
certificate.
4.
Select
SSL
settings
to
choose
SSL
on
and
click
OK.
5.
Restart
Tivoli
Directory
Server.
The
configuration
of
SSL
on
LDAP
is
done.
6.
Copy
the
Self-Signed
Certificate
to
the
Tivoli
Provisioning
Manager
server.
The
certificate
in
this
example
is
named
as
ldapSSLCert.der.
Import
the
Tivoli
Directory
Server
public
certificate
into
theWebSphere
Application
Server
key
database
1.
Launch
GSKit
7
on
the
Tivoli
Provisioning
Manager
server.
2.
Click
Open
a
key
database
file.
Locate
the
Tivoli
Provisioning
Manager
keystore.
The
Tivoli
Provisioning
Manager
keystore
can
be
configured
using
the
administrator
console.
The
default
keystore
is
DummyServerTrustFile.jks
under
<WAS-ROOT>/etc
where
<WAS-ROOT>
is
the
installation
directory
for
WebSphere
Application
Server.
3.
Make
sure
that
JKS
is
selected
for
the
Key
database
type.
4.
Type
in
WebAS
when
prompted
for
password.
5.
Select
Signer
Certificates
under
the
drop
down
list,
and
click
Add.
6.
A
window
pops
up,
select
Binary
DER
data
and
locate
the
Self-Signed
Certificate.
7.
Click
OK.
8.
Input
the
value
of
the
label.
For
example:
LDAP51.
9.
Click
OK.
The
entry
LDAP51
should
appear
in
the
list.
Configure
the
Tivoli
Provisioning
Manager
server
to
use
SSL
The
next
step
is
to
configure
Tivoli
Provisioning
Manager
so
that
SSL
is
used.
To
enable
SSL,
configure
the
user-factory.xml
to
indicate
that
SSL
is
being
used:
1.
Open
up
the
user-factory.xml
file
in
an
editor.
The
file
will
look
like
this:
<ldap-port>389</ldap-port>
<ldaps-port>636</ldaps-port>
<ssl-for-binding>true</ssl-for-binding>
<root>
For
example:
dc=ibm,dc=com</root>
2.
If
the
value
in
the
<ssl-for-binding>true</ssl-for-binding>
tag
is
set
to
false,
replace
it
with
true.
3.
Click
Save.
Configure
WebSphere
Application
Server
to
access
Tivoli
Directory
Server
using
SSL
This
section
provides
information
on
configuring
the
WebSphere
Application
Server
to
access
the
Tivoli
Directory
Server
using
SSL.
1.
Use
GSKit
to
launch
the
WASLDAPSSL.jks.
Import
the
certificate
generated
from
the
LDAP
server,
i.e.
ldapSSLCert.der.
2.
Logon
to
WebSphere
Application
Server
admin
console
3.
Select
Security
->
Global
Security
4.
Verify
the
following
values:
92
Tivoli
Provisioning
Manager
Installation
Guide
v
Global
Security
is
checked.
v
Java
2
Security
is
not
checked.
v
Active
User
Registry
=LDAP
5.
Select
Security->SSL,
click
New
to
create
a
new
SSL
Configuration
Repertoires.
Fill
in
the
following
information:
v
Alias:
LDAP
SSL.
This
specifies
one
of
the
SSL
configurations
in
the
repertoire
to
use.
v
Key
File
Name:
$USER_INSTALL_ROOT/etc/WASLDAPSSL.jks
%USER_INSTALL_ROOT%
\WASLDAPSSL.jks
where
USER_INSTALL_ROOT
is
the
fully
qualified
path
name
to
the
public
keys
and
private
keys.
v
Key
File
Password.
This
is
the
password
for
accessing
the
key
file.
v
Key
File
Format:JKS.
This
is
the
format
of
the
key
file.
v
Trust
File
Name:
This
is
the
fully
qualified
path
name
to
the
trust
file
containing
the
public
keys.
v
Trust
File
Password:
This
is
the
password
for
accessing
the
trust
file.
v
Trust
File
Format:
JKS
v
Security
Level:
High
v
Click
OK
to
apply
the
change.
v
Click
Save
to
save
the
change
6.
Select
Security->User
Registries->LDAP,
select
SSL
Enabled.
7.
Select
the
port:
(Default
SSL
LDAP
port
is
636)
and
port
389
is
for
non-ssl.
Select
LDAPSSL
for
SSL
Configuration.
8.
Verify
Server
User
ID,
password,
type,
base
DN
values.
9.
WebSphere
Application
Server
validates
the
LDAP
connection
and
user
using
SSL
port.
If
configuration
is
okay,
you
will
see
a
Save
warning
message.
If
you
get
Validation
failed
or
any
other
exception,
that
means
some
thing
wrong
with
LDAP
server
parameters
on
LDAP
screen.
10.
Click
Apply
and
then
click
Save.
11.
Stop
and
start
WebSphere
Application
Server
to
activate
the
security
changes.
Configuring
WebSphere
Application
Server
and
the
client
to
use
SSL
This
section
provides
information
on
configuring
the
WebSphere
Application
Server
and
the
client
using
SSL.
1.
Use
GSKit
to
launch
the
WASLDAPSSL.jks.
Import
the
certificate
generated
from
the
LDAP
server,
i.e.
ldapSSLCert.der.
2.
Logon
to
WebSphere
Application
Server
admin
console
3.
Select
Security
->
Global
Security
4.
Verify
the
following
values:
v
Global
Security
is
checked.
v
Java
2
Security
is
not
checked.
v
Active
User
Registry
=LDAP
5.
Select
Security->SSL,
click
New
to
create
a
new
SSL
Configuration
Repertoires.
Fill
in
the
following
information:
v
Alias:
InboundSSL.
This
specifies
one
of
the
SSL
configurations
in
the
repertoire
to
use.
Chapter
14.
Establishing
secure
server
communication
using
SSL
93
v
Key
File
Name:
$USER_INSTALL_ROOT/etc/WASLDAPSSL.jks
%USER_INSTALL_ROOT%
\WASLDAPSSL.jks
where
USER_INSTALL_ROOT
is
the
fully
qualified
path
name
to
the
public
keys
and
private
keys.
v
Key
File
Password.
This
is
the
password
for
accessing
the
key
file.
v
Key
File
Format:JKS.
This
is
the
format
of
the
key
file.
v
Trust
File
Name:
This
is
the
fully
qualified
path
name
to
the
trust
file
containing
the
public
keys.
v
Trust
File
Password:
This
is
the
password
for
accessing
the
trust
file.
v
Trust
File
Format:
JKS
v
Security
Level:
High
v
Click
OK
to
apply
the
change.
v
Click
Save
to
save
the
change
6.
Select
Servers
->
Application
Servers
->
server1.
7.
Select
the
Web
Container
under
the
server.
8.
Select
HTTP
transports
under
the
Web
Container.
9.
Select
the
*
(asterisk)
in
the
line
where
9080
is
the
port.
10.
Select
Security->User
Registries->LDAP,
select
SSL
Enabled.
11.
Select
the
port:
(Default
SSL
LDAP
port
is
636)
and
port
389
is
for
non-ssl.
Select
InboundSSL
for
SSL
Configuration.
12.
Verify
Server
User
ID,
password,
type,
base
DN
values.
13.
WebSphere
Application
Server
validates
the
LDAP
connection
and
user
using
SSL
port.
If
configuration
is
okay,
you
will
see
a
Save
warning
message.
If
you
get
Validation
failed
or
any
other
exception,
that
means
some
thing
wrong
with
LDAP
server
parameters
on
LDAP
screen.
14.
Click
Apply
and
Save.
15.
Stop
and
start
WebSphere
Application
Server
to
activate
the
security
changes.
Note:
The
http://{servername}:9080/tc
Web
address
will
no
longer
work.
To
properly
connect
replace
the
http
with
https
Installation
of
e-fix
for
SSL
communication
An
e-fix
for
the
SSL
communication
between
Tivoli
Provisioning
Manager
and
Tivoli
Directory
Server
is
provided.
Before
applying
the
e-fix,
make
sure
the
e-fix
contains
the
following
files
,
and
backup
the
corresponding
files
in
cygwin\home\thinkcontrol\lib:
v
de.sar
v
engines.sar
v
plumbing.jar
v
tcdrivermanager.jar
v
tcje.ear
To
install
the
e-fix:
1.
Copy
de.sar
to
cygwin\home\thinkcontrol\lib
2.
Copy
engines.sar
to
cygwin\home\thinkcontrol\lib
3.
Copy
plumbing.jar
to
cygwin\home\thinkcontrol\lib
4.
Copy
tcdrivermanager.jar
to
cygwin\home\thinkcontrol\lib
5.
Copy
tcje.ear
to
cygwin\home\thinkcontrol\lib
6.
Start
WebSphere
Application
Server
if
it
is
not
already
started.
94
Tivoli
Provisioning
Manager
Installation
Guide
7.
Log
on
to
Admin
console.
8.
Go
to
Application
->
Enterprise
Applications
and
stop
TCEAR
9.
Go
to
Application
->
Enterprise
Applications,
select
TCEAR
and
click
Uninstall
to
uninstall
the
TCEAR
from
WebSphere
Application
Server.
10.
Once
it
is
uninstalled,
save
the
changes.
11.
Go
to
Application->Install
New
Application,
and
input
the
location
of
the
.ear
file
in
the
server.
Click
Next.
12.
For
the
next
series
of
panels,
click
Next
to
accept
the
default
settings
until
you
reach
the
Summary
panel.
13.
On
the
Summary
panel,
click
Finish
to
start
deploying
TCEAR.
14.
The
message
Application
TCEAR
installed
successfully
appears.
15.
Save
the
changes.
16.
Go
to
Application->Enterprise
Applications,
start
TCEAR,
and
the
application
should
be
started
successfully.
17.
Log
off
from
WebSphere
Application
Server
admin
console
and
restart
Tivoli
Provisioning
Manager
to
activate
the
changes.
The
next
steps
The
SSL
communication
is
now
enabled.
Chapter
14.
Establishing
secure
server
communication
using
SSL
95
96
Tivoli
Provisioning
Manager
Installation
Guide
Chapter
15.
Configuring
OpenSSH
This
chapter
provides
details
about
configuring
OpenSSH
on
the
Tivoli
Provisioning
Manager
server.
OpenSSH
is
an
open
source
version
of
the
SSH
secure
shell
system.
Configuring
SSH
on
Windows
2000
This
chapter
provides
details
about
configuring
OpenSSH
on
the
Tivoli
Provisioning
Manager
server
on
a
Windows
2000
environment.
SSH
is
installed
as
part
of
Cygwin.
1.
Log
in
as
tioadmin.
2.
To
generate
host
keys,
open
a
Cygwin
bash
shell
window
and
run
the
following
command:
/usr/bin/ssh-host-config
-y.
This
command
generates
three
different
keys-DSA,
RSA,
RSA1,
each
corresponding
to
a
different
encryption
algorithm
.
This
allows
a
system
to
establish
SSH
sessions
with
systems
requiring
any
one
of
these
encryption
algorithms.
This
will
generally
not
be
used
when
running
the
software
on
a
single
system.
3.
When
prompted
for
environment
variables,
press
Enter
to
accept
the
defaults.
The
command
will
automatically
install
the
services.
4.
Next,
set
the
security
level
of
Cygwin
to
ntsec
and
change
the
permissions
of
the
empty
directory
(the
home
directory
of
the
SSH
daemon
user)
to
prevent
modification
by
anyone
other
than
administrator
or
root.
5.
Start
the
Cygwin
service
by
running
the
following
command
(it
will
automatically
start
when
rebooted)
:
cygrunsrv
-S
sshd
6.
Type
cd
and
select
Enter
to
return
to
the
Cygwin
home
directory.
7.
You
must
provide
keys
for
the
user
to
access
SSH.
These
are
user
keys
as
opposed
to
host
keys.
The
host
key
previously
generated
is
used
for
session
encryption
purposes.
The
user
key
is
used
to
establish
the
identity
of
the
user
in
lieu
of
a
password.
To
generate
the
user
keys,
type:
ssh—keygen
—t
rsa
-
N
""
8.
When
prompted
for
the
name
of
the
file
to
store
the
key,
accept
the
default
by
pressing
Enter.
9.
Switch
to
the
.ssh
directory
by
typing:
cd
.ssh.
Press
Enter.
10.
The
user
key
must
be
put
into
the
authorized_keys
file
of
the
user
account
on
the
server.
To
perform
this
task,
run
the
command:
cat
id_rsa.pub
>>authorized_keys
11.
To
configure
SSH
to
accept
connections
from
new
hosts
without
prompting
for
confirmation,
create
a
file
in
/home/thinkcontrol/.ssh
called
config.
The
file
should
contain
the
following
line:
StrictHostKeyChecking
no
12.
To
verify
that
SSH
is
configured
properly,
do
the
following:
a.
Ensure
the
Cygwin
service
is
started.
b.
To
log
in
to
the
local
host
through
SSH,
type
ssh
tioadmin@<localhost>,
where
<localhost>
is
your
host
name.
If
SSH
is
properly
configured
you
will
see
the
following
message:
Fanfare!!!
You
are
successfully
logged
in
to
this
server!!!
©
Copyright
IBM
Corp.
2003,
2004
97
c.
Exit
the
ssh
session
by
typing
exit.13.
Copy
the
id_rsa.pub
file,
which
contains
the
public
keys,
into
the
authorized
keys
file
of
the
administrative
account
of
any
server
in
the
data
center
which
the
Tivoli
Provisioning
Manager
server
must
communicate
with
or
manage.
This
includes
any
servers
in
the
data
center
which
Tivoli
Provisioning
Manager
is
managing.
Configuring
SSH
on
Windows
2003
This
chapter
provides
details
about
configuring
OpenSSH
on
the
Tivoli
Provisioning
Manager
server
on
a
Windows
2003
environment.
SSH
is
installed
as
part
of
Cygwin.
1.
Log
in
as
tioadmin.
2.
To
generate
host
keys,
open
a
Cygwin
bash
shell
window
and
run
the
following
command:
/usr/bin/ssh-host-config
-y.
This
command
generates
three
different
keys-DSA,
RSA,
RSA1,
each
corresponding
to
a
different
encryption
algorithm
.
This
allows
a
system
to
establish
SSH
sessions
with
systems
requiring
any
one
of
these
encryption
algorithms.
This
will
generally
not
be
used
when
running
the
software
on
a
single
system.
3.
When
prompted
for
environment
variables,
press
Enter
to
accept
the
defaults.
The
command
will
automatically
install
the
sshd
services.
4.
To
enable
the
passwordless
logon
functionality,
you
will
then
be
prompted
to
create
a
new
account
with
special
privileges.
The
script
would
create
a
new
account
and
you
will
then
be
prompted
for
a
password.
Enter
a
password
for
the
new
user
and
ensure
that
this
password
matches
the
password
rules
given
on
your
system.
5.
Accept
the
default
value
for
the
environment
variable
CYGWIN,
when
sshd
is
started
and
select
Enter.
6.
Next
right—click
on
My
Computers->Manage
and
then
add
the
user
account
created
by
Cygwin
to
the
Adminstrators
group.
7.
At
the
Cygwin
command
prompt
type
the
command:
mkpasswd
-l
>
/etc/passwd.
8.
Start
the
Cygwin
service
by
running
the
following
command
(it
will
automatically
start
when
rebooted)
:
cygrunsrv
-S
sshd
9.
You
must
provide
keys
for
the
user
to
access
SSH.
These
are
user
keys
as
opposed
to
host
keys.
The
host
key
previously
generated
is
used
for
session
encryption
purposes.
The
user
key
is
used
to
establish
the
identity
of
the
user
in
lieu
of
a
password.
To
generate
the
user
keys,
type
the
following
command
ssh-user-config
10.
Type
No
when
prompted
to
create
the
identity
files
and
press
Enter
when
prompted
for
a
passphrase.
Output
should
be
similar
to
this:
Shall
I
create
an
SSH1
RSA
identity
file
for
you?
(yes/no)
no
Shall
I
create
an
SSH2
RSA
identity
file
for
you?
(yes/no)
(yes/no)
no
Enter
passphrase
(empty
for
no
passphrase):
Enter
same
passphrase
again:
Do
you
want
to
use
this
identity
to
login
to
this
machine?
(yes/no)
no
Shall
I
create
an
SSH2
DSA
identity
file
for
you?
(yes/no)
(yes/no)
no
Configuration
finished.
Have
fun!
11.
Switch
to
the
.ssh
directory
by
typing:
cd
.ssh.
Select
Enter.
12.
The
user
key
must
be
put
into
the
authorized_keys
file
of
the
user
account
on
the
server.
To
perform
this
task,
run
the
command:
98
Tivoli
Provisioning
Manager
Installation
Guide
cat
id_rsa.pub
>>authorized_keys
13.
To
configure
SSH
to
accept
connections
from
new
hosts
without
prompting
for
confirmation,
create
a
file
in
/home/thinkcontrol/.ssh
called
config.
The
file
should
contain
the
following
line:
StrictHostKeyChecking
no
14.
To
verify
that
SSH
is
configured
properly,
do
the
following:
a.
Ensure
the
Cygwin
service
is
started.
b.
To
log
in
to
the
local
host
through
SSH,
type
ssh
tioadmin@<localhost>,
where
<localhost>
is
your
host
name.
If
SSH
is
properly
configured
you
will
see
the
following
message:
Fanfare!!!
You
are
successfully
logged
in
to
this
server!!!
c.
Exit
the
ssh
session
by
typing
exit.15.
Copy
the
id_rsa.pub
file,
which
contains
the
public
keys,
into
the
authorized
keys
file
of
the
administrative
account
of
any
server
in
the
data
center
which
the
Tivoli
Provisioning
Manager
server
must
communicate
with
or
manage.
This
includes
any
servers
in
the
data
center
which
Tivoli
Provisioning
Manager
is
managing.
The
next
step
After
you
have
completed
the
steps
in
this
chapter,
you
are
ready
to
start
using
OpenSSH
and
OpenSSL.
Chapter
15.
Configuring
OpenSSH
99
100
Tivoli
Provisioning
Manager
Installation
Guide
Chapter
16.
Displaying
reports
from
Tivoli
Data
Warehouse
This
chapter
provides
a
brief
overview
on
Tivoli
Data
Warehouse
V
1.2
with
fix
pack
01
and
Warehouse
Enablement
Pack
V1.0.
It
also
provides
information
on
displaying
reports
from
Tivoli
data
warehouse
after
installing
Tivoli
Provisioning
Manager.
Why
use
Tivoli
Data
Warehouse?
Using
Tivoli
Data
Warehouse,
you
can
create
a
data
warehouse
that
contains
data
about
your
IT
infrastructure,
including
network
devices
and
connections,
desktops,
hardware,
software,
events,
and
other
information.
With
this
information
in
a
data
warehouse,
you
can
analyze
your
IT
costs,
performance,
and
other
trends
across
your
enterprise.
Tivoli
Data
Warehouse
can
be
used
to
show
the
value
and
return
on
investment
of
Tivoli
and
IBM
software,
and
it
can
be
used
to
identify
areas
where
you
can
be
more
effective.
Moving
data
from
your
operation
data
stores
into
a
data
warehouse
keeps
your
operation
data
stores
efficient
while
preserving
historical
data
longer.
For
more
information
refer
the
Tivoli
Data
Warehouse
Installation
and
configuration
guide.
Why
use
Tivoli
Data
warehouse
packs?
A
warehouse
enablement
pack
(also
known
as
the
warehouse
pack)
is
a
separately-installable
software
that
provides
Tivoli
Data
Warehouse
functionality
for
a
specific
system
management
purpose.
Using
the
warehouse
pack
,
long
term
trends
that
demonstrate
Tivoli
Provisioning
Manager
efficiency
can
now
be
observed.
The
utilization
and
performance
measurement
data
that
is
used
to
generate
the
reports
can
also
be
used
as
a
tool
to
calculate
the
(ROI)
return
on
investment
in
Tivoli
Provisioning
Manager.
For
more
information
refer
the
Tivoli
Provisioning
Manager,
Version
2.1
Warehouse
EnablementPack,
Version
1.1.0
Implementation
Guide
for
Tivoli
Data
Warehouse,
Version
1.2.
Displaying
reports
To
display
Tivoli
Provisioning
Manager
reports
from
the
Tivoli
Data
Warehouse:
1.
Install
Tivoli
Data
Warehouse
in
your
IT
enterprise.
For
more
information,
refer
to
the
Tivoli
Data
Warehouse
Installation
and
configuration
guide
2.
Install
the
Tivoli
Intelligent
Orchestrator
Warehouse
Enablement
Pack.
For
more
information,
refer
to
Tivoli
Provisioning
Manager,
Version
2.1
Warehouse
EnablementPack,
Version
1.1.0
Implementation
Guide
for
Tivoli
Data
Warehouse,
Version
1.2.
3.
After
successful
installation
of
the
above
software
you
are
ready
to
connect
the
reports
on
Tivoli
Data
Warehouse
to
Tivoli
Provisioning
Manager.
4.
Run
Crystal
Enterprise
Launchpad.
5.
Click
Crystal
Management
Console–>
Manage
Objects.
6.
Perform
the
following
steps
for
each
report:
a.
Choose
a
report.
b.
Click
Preview.
Note:
The
report
itself
may
not
show
anything
at
this
point
this
is
expected
as
the
data
mart
will
not
have
data
since
the
ETLs
have
not
run
©
Copyright
IBM
Corp.
2003,
2004
101
c.
Copy
the
Web
address
for
that
report.
d.
Paste
this
Web
address
into
the
report.properties
file
for
the
corresponding
report.
The
report.properties
is
located
in
the
config
directory.
e.
Save
the
report.properties
file
after
you
have
copied
the
correct
Web
address
for
all
reports
into
the
file.
Note:
Do
Not
change
the
name
of
the
file
when
you
save
it.
f.
Restart
Tivoli
Provisioning
Manager
for
these
parameters
to
replace
the
old
values
cached
in
memory.
The
next
step
For
more
information
on
using
Tivoli
Data
Warehouse,
see
the
Tivoli
Provisioning
Manager
Version
2.1
Warehouse
Enablement
Pack,
Version
1.1.0
Implementation
Guide
for
Tivoli
Data
Warehouse,
Version
1.2
.
102
Tivoli
Provisioning
Manager
Installation
Guide
Part
6.
Appendixes
©
Copyright
IBM
Corp.
2003,
2004
103
104
Tivoli
Provisioning
Manager
Installation
Guide
Appendix
A.
Administrative
Tasks
This
appendix
describes
how
to
start
and
stop
the
Tivoli
Provisioning
Manager
server,
as
well
how
to
access
the
main
administrative
console.
For
additional
information
on
usingTivoli
Provisioning
Manager,
refer
to
the
Tivoli
Provisioning
Manager
Information
Center
available
from
the
Web
user
interface.
Requirements
to
start
Tivoli
Provisioning
Manager
Before
you
log
on
to
the
system,
ensure
that
you
have:
v
An
appropriate
Web
browser
v
The
fully
qualified
domain
name
(for
example,
hostname.domain.com)
and
port
number
for
the
Tivoli
Provisioning
Manager
server.
The
default
port
number
is
9080.
Contact
your
installation
team
to
obtain
the
correct
server
information.
v
Check
that
the
WebSphere
Application
Server
service
is
stopped.
v
Check
that
the
LDAP
server
and
the
database
servers
are
started.
v
Log
in
as
tioadmin.
You
can
start
the
application
in
two
ways:
v
“Launch
Tivoli
Provisioning
Manager
using
scripts”
v
“Launch
Tivoli
Provisioning
Manager
using
Windows
Service”
on
page
106
Note:
Use
only
one
method
to
start
and
stop
the
services.
For
example
if
you
are
launching
Tivoli
Provisioning
Manager
using
scripts,
use
the
same
method
to
stop
Tivoli
Provisioning
Manager.
Launch
Tivoli
Provisioning
Manager
using
scripts
1.
Open
the
console
window
and
switch
to
the
TIO_installdir\tools
directory
by
typing
cd
%TIO_HOME%\tools.
2.
To
start
the
application
using
the
script,
run
the
command:
tio_start.cmd
3.
At
the
User
name
prompt,
type
wasadmin
and
press
Enter.
4.
At
the
Password
prompt,
if
you
have
not
changed
the
password
for
WebSphere
Application
Server,
type
the
default
password
wasadmin
and
press
Enter.
5.
After
several
messages
and
several
minutes,
the
window
will
display
a
message
that
Tivoli
Provisioning
Manager
is
ready
to
run.
Important
Do
not
close
the
window
that
informs
you
that
the
application
is
running.
If
you
close
the
window,
Tivoli
Provisioning
Manager
will
fail.
6.
Start
Tivoli
Provisioning
Manager
by
following
the
steps
given
in
section
“Starting
the
application”
on
page
106.
7.
Check
the
log
file
TIO_installdir\logs\tio_start.log
for
any
errors
if
unable
to
start
the
application.
©
Copyright
IBM
Corp.
2003,
2004
105
Launch
Tivoli
Provisioning
Manager
using
Windows
Service
1.
Open
Services
Management
Console.
To
do
this
go
to
Start->
Programs
>
Administrative
Tools
>
Services
2.
Start
Tivoli
Provisioning
Manager
services.
3.
Follow
the
steps
given
in
section
“Starting
the
application.”
Note:
Starting
Tivoli
Provisioning
Manager
services,
starts
the
WebSphere
Application
Server
and
the
http
server.
Starting
the
application
To
start
using
the
application,
do
the
following:
1.
Open
your
Web
browser
to:
http://hostname:9080/tcWebUI/
Note:
You
must
use
the
fully-qualified
domain
name
of
the
server.
The
sign-on
will
fail
if
you
only
use
the
IP
address.where
hostname
is
the
fully-qualified
domain
name
of
the
server.
2.
Type
the
user
name
and
password.
The
default
user
ID
is
tioappadmin
and
the
default
password
is
tioappadmin.
Stopping
Tivoli
Provisioning
Manager
You
can
stop
the
application
in
two
ways:
v
“Stop
Tivoli
Provisioning
Manager
using
scripts”
v
“Stop
Tivoli
Provisioning
Manager
using
Windows
Service”
Stop
Tivoli
Provisioning
Manager
using
scripts
1.
Log
in
as
user
tioadmin.
2.
To
stop
the
application
using
the
script,
run
the
command:
tio_stop.cmd
3.
At
the
User
name
prompt,
type
wasadmin
and
press
Enter.
4.
At
the
Password
prompt,
if
you
have
not
changed
the
password
for
WebSphere
Application
Server,
type
the
default
password
wasadmin
and
press
Enter.
5.
Review
the
log
file
TIO_installdir\logs\tio_stop.log
for
errors.
6.
After
a
few
moments,
both
windows
will
close.
Stop
Tivoli
Provisioning
Manager
using
Windows
Service
1.
Log
in
as
user
tioadmin.
2.
Open
Services
Management
Console
.
To
do
this
go
to
Start->
Programs
>
Administrative
Tools
>
Services
3.
StopTivoli
Provisioning
Manager.
4.
Review
the
log
file
TIO_installdir\logs\tio_stop.log
for
errors.
5.
After
a
few
moments,
both
windows
will
close.
To
stop
Tivoli
Provisioning
Manager
you
need
to
stop
just
one
service,
IBM
Tivoli
Provisioning
Manager.
106
Tivoli
Provisioning
Manager
Installation
Guide
||
Signing
on
to
the
Web
interface
To
access
the
main
Tivoli
Provisioning
Manager
console:
1.
Open
a
Web
browser
and
enter
the
following
URL:
http://host_name:9080/tcWebUI
where
host_name
is
the
fully-qualified
domain
name
of
the
server.The
Sign
On
window
opens.
2.
Enter
your
user
name
and
password.
The
default
user
name
is
tioappadmin
and
if
you
have
not
already
changed
the
password,
the
default
password
is
tioappadmin.
Signing
off
from
the
Web
interface
To
sign
off
from
the
system,
click
Logoff.
The
Sign
Off
window
opens.
You
will
automatically
be
logged
off
the
system
after
thirty
minutes
of
session
inactivity.
Changing
Default
Passwords
Tivoli
Provisioning
Manager
requires
that
a
default
set
of
user
IDs
and
default
passwords
be
created
and
used
during
installation
and
configuration.
A
command
line
tool
is
provided
to
change
the
passwords
after
Tivoli
Provisioning
Manager
has
been
installed.
Using
the
command
line
tool,
you
can
change
the
passwords
for
the
following
user
IDs:
v
tioldap
v
wasadmin
v
tioappadmin
v
tiointernal
v
root
v
tiodb
To
change
the
password
for
one
of
the
default
user
IDs:
1.
Ensure
that
the
following
variables
are
currently
defined:
WAS_HOME,
JAVA_HOME,
TIO_HOME.
These
environment
variables
should
be
defined
after
the
Tivoli
Provisioning
Manager
installation
process
is
complete.
2.
Ensure
that
the
WebSphere
Application
Server
is
started.
3.
Log
in
as
tioadmin.
4.
Switch
to
the
TIO_installdir/tools
directory,
where
TIO_installdir
is
the
directory
where
Tivoli
Provisioning
Manager
is
installed.
5.
Run
the
following
command:
v
Windows:
changePassword.cmd
user_ID
new_password
current_was_password
where
the
variables
are:
user_ID
The
user
ID
that
has
the
password
you
want
to
change.
new_password
The
new
password
you
want
to
use
for
the
user
ID.
current_was_password
The
current
password
for
the
wasadmin
user
ID.
If
you
have
not
yet
changed
the
wasadmin
password,
use
the
default
value.
You
can
only
change
the
password
for
one
user
ID
at
a
time.
Appendix
A.
Administrative
Tasks
107
6.
Except
when
changing
the
password
for
user
ID
tioappadmin,
you
must
restart
the
WebSphere
Application
Server
and
Tivoli
Provisioning
Manager
after
each
password
change
for
the
change
to
take
effect.
For
more
information,
refer
to
“Requirements
to
start
Tivoli
Provisioning
Manager”
on
page
105
and
“Stopping
Tivoli
Provisioning
Manager”
on
page
106.
Note:
Stopping
and
starting
Tivoli
Provisioning
Manager
requires
you
to
enter
the
wasadmin
user
name
and
password.
After
using
the
changePassword
command
to
change
the
wasadmin
password,
stop
the
server
and
enter
the
old
wasadmin
password.
When
starting
the
server,
with
the
tio.sh
start
command,
use
the
new
wasadminpassword.
7.
If
you
are
changing
the
passwords
for
root
and
tiodb,
the
password
change
made
by
the
command
line
tool
is
only
registered
within
Tivoli
Provisioning
Manager.
Additionally,
you
must
also
make
the
password
change
within
Tivoli
Directory
Server
for
user
ID
root,
and
within
DB2
Universal
Database
for
user
ID
tiodb.
Refer
to
the
respective
product
documentation
for
instructions
on
changing
passwords
for
those
user
IDs.
108
Tivoli
Provisioning
Manager
Installation
Guide
Appendix
B.
Manual
configurations
This
appendix
describes
the
manual
configurations
you
can
complete
during
the
installation
process.
Manually
configuring
DB2
Universal
Database
If
you
selected
the
Do
not
perform
database
configuration
steps
option
on
the
Database
Configuration
panel
during
the
Tivoli
Provisioning
Manager
installation,
you
must
manually
configure
your
DB2
Universal
Database
before
you
can
continue
the
Tivoli
Provisioning
Manager
installation.
Creating
the
database
and
tablespaces
To
create
the
database
and
tablespaces:
1.
Log
on
to
the
DB2
server
as
DB2
instance
owner.
2.
Enter
the
following
commands
to
connect
to
the
new
database:
db2
connect
to
$DB2_DB_NAME
user
db2_instance_owner
using
pwd
db2
-tvf
tableshpace.sql
db2
-tvf
CDBTablespace.sql
where:
v
$DB2_DB_NAME
is
the
name
of
the
database
you
created
in
step
“Creating
the
database
and
tablespaces,”
db2_instance_owner
is
the
name
of
the
DB2
instance
owner,
and
pwd
is
the
password
for
the
DB2
instance
owner.
v
tablespace.sql
and
CDBTablespace.sql
are
located
on
the
installation
CD
in
tools/db/db2/
Configuring
the
DB2
client
to
communicate
with
the
DB2
server
Important
Complete
this
step
only
for
a
topology
where
DB2
Universal
Database
and
Tivoli
Provisioning
Manager
are
installed
on
separate
machines.
1.
Log
on
as
DB2
instance
owner
to
the
Tivoli
Provisioning
Manager
server
with
the
DB2
client
installed.
2.
Open
a
DB2
command
line
processor
and
enter
the
following
commands:
catalog
tcpip
node
<db_node>
remote
<dbserver_hostname>
server
50000
catalog
db
<db_name>
as
<db_alias>
at
node
<db_node>
where
the
variables
are
defined
as
follows:
db_node
A
local,
user-defined
alias
for
the
node
to
be
cataloged.
This
is
an
arbitrary
name
on
the
user’s
workstation,
used
to
identify
the
node.
It
should
be
a
meaningful
name
to
make
it
easier
to
remember.
The
name
must
conform
to
database
manager
naming
conventions.
©
Copyright
IBM
Corp.
2003,
2004
109
dbserver_hostname
The
host
name
of
the
node
where
the
target
database
resides.
The
host
name
is
the
name
of
the
node
that
is
known
to
the
TCP/IP
network.
Maximum
length
is
255
characters.
db_name
Specifies
the
name
of
the
database
to
catalog.
This
is
the
name
of
the
database
you
created
in
step
“Creating
the
database
and
tablespaces”
on
page
109.
db_alias
Specifies
an
alias
as
an
alternate
name
for
the
database
being
cataloged.
If
an
alias
is
not
specified,
the
database
manager
uses
db_name
as
the
alias.
Record
the
value
used,
as
you
will
be
prompted
for
it
during
Tivoli
Intelligent
ThinkDynamic
Orchestrator
and
Tivoli
Provisioning
Manager
installation.
Manually
configuring
Tivoli
Directory
Server
as
the
directory
server
If
you
selected
the
Do
not
perform
LDAP
server
configuration
steps
(for
advanced
users
only)
option
on
the
LDAP
Configuration
panel
during
the
Tivoli
Provisioning
Manager
installation,
you
must
complete
the
configuration
manually
before
you
can
continue
the
Tivoli
Provisioning
Manager
installation:
Copy
the
file
schema.ldif
from
the
Tivoli
Provisioning
Manager
Version
2.1
CD
located
in
the
tools\ldap
to
the
IBM
Tivoli
Directory
Server
5.2
home
directory.
To
configure
the
Tivoli
Directory
Server:1.
Click
Start
—>
Programs
—>
IBM
Tivoli
Directory
Server
5.2
—>
Directory
Configuration.
2.
Click
Add,
and
then
click
OK.
3.
Click
Manage
Schema
files
and
then:
a.
Browse
to
the
IBM
Tivoli
Directory
Server
5.2
home
directory
and
select
the
schema.ldif.
b.
Click
Add
and
then
click
OK.4.
Click
Manage
suffixes
and
set
the
Suffix
DN
to
the
appropriate
values
for
your
environment.
5.
Click
Import
ldif
data
and
then:
a.
Browse
to
tools\ldap
on
the
Tivoli
Provisioning
Manager
Version
2.1
CD,
and
then
select
ldap.ldif
b.
Click
Standard
import
and
then
click
Import.
c.
Verify
that
all
entries
are
added
successfully.6.
Close
the
Directory
Configuration
window.
7.
Return
to
the
LDAP
Configuration
panel
on
the
Tivoli
Provisioning
Manager
installer
to
continue
the
installation.
Manually
configuring
Microsoft
Active
Directory
as
the
directory
server
on
Windows
2000
If
you
selected
the
Do
not
perform
LDAP
server
configuration
steps
(for
advanced
users
only)
option
on
the
LDAP
Configuration
panel
during
the
Tivoli
Provisioning
Manager
installation,
you
must
complete
the
following
configuration
tasks
manually
before
you
can
continue
the
Tivoli
Provisioning
Manager
installation:
110
Tivoli
Provisioning
Manager
Installation
Guide
v
Managing
the
schema
file
v
Importing
the
LDIF
file.
Managing
the
schema
The
default
schema
of
a
Microsoft
Active
Directory
installation
must
be
updated
to
accommodate
Tivoli
Provisioning
Manager
attributes.
The
user
who
logs
on
to
run
the
scripts
should
have
administrator
privileges.
Tool
prerequisites
You
will
need
the
following
tools
to
manage
the
schema:
v
The
utility
LDIFDE
to
support
batch
operations
such
as
add,
create,
and
modify
which
can
be
used
with
Microsoft
Active
Directory.
This
utility
is
included
with
Microsoft
Active
Directory.
v
The
OID
generator
program
oidgen.exe,
to
generate
valid
object
IDs
which
are
used
to
add
an
attribute.
This
tool
is
located
in
the
netmgmt.cab
file
of
the
Windows
2000
Resource
Kit.
File
prerequisites
You
will
need
the
following
files
to
manage
the
schema:
v
schema.ldif.
This
file
updates
the
Microsoft
Active
Directory
schema.
You
will
find
this
file
on
the
Provisioning
Manager/Intelligent
ThinkDynamic
Orchestrator
Version
2.1
CD
in
\toos\ldap\msad.
v
Windows
2000
users:
tiodata.ldif.
This
file
stores
the
initial
data
for
Tivoli
Provisioning
Manager.
You
will
find
this
file
on
the
Tivoli
Provisioning
Manager
Version
2.1
CD
in
\toos\ldap\msad.
All
Tivoli
Provisioning
Manager
specific
users
and
groups
will
be
created
under
the
Tivoli
Provisioning
Manager
organizational
unit
Running
the
schema
management
scripts
When
you
update
a
schema,
the
updated
information
is
first
added
to
the
on-disk
copy
of
the
schema.
Schema
changes
are
not
visible
immediately.
The
schema
cache
is
refreshed
approximately
five
minutes
after
any
change
is
made
to
the
on-disk
copy
of
the
schema
1.
Ensure
that
the
object
IDs
have
been
regenerated
so
that
they
will
not
conflict
with
the
existing
object
IDs.
2.
Run
oidgen.exe
from
the
command
prompt
of
the
Microsoft
Active
Directory
server,
to
prevent
conflicts
with
existing
object
IDs.
3.
Open
a
command
prompt
and
change
to
the
\toos\ldap\msad
directory
on
the
Tivoli
Intelligent
ThinkDynamic
Orchestrator
and
Tivoli
Provisioning
Manager
Version
2.1
CD.
This
directory
contains
the
schema.ldif
file.
4.
In
the
schema.ldif
file:
a.
Replace
the
attributeID
of
cn=role
with
the
Attribute
Base
OID
that
is
generated
by
oidgen.exe.
b.
Replace
the
governsID
of
cn=thinkControlUser
with
the
Class
Base
OID
that
is
generated
by
oidgen.exe.5.
Enter
the
following
command
on
one
line
and
replace
Base_DN
with
the
appropriate
set
of
values:
ldifde
–i
–f
schema.ldif
–c
"DC=MYCOMPANY,DC=com"
"Base_DN"
–t
636
For
example,
if
your
directory
server
domain
is
Mydomain.Mycompany.com,
the
command
is:
Appendix
B.
Manual
configurations
111
ldifde
–i
–f
schema.ldif
–c
"DC=MYCOMPANY,DC=com"
"DC=Mydomain,DC=Mycompany,DC=com"
–t
636
Note:
In
the
example
command
above,
the
appropriate
value
for
Base_DN
is
"DC=Mydomain,DC=Mycompany,DC=com"
Importing
the
LDIF
file
To
import
the
LDIF
file:
1.
Open
a
command
prompt
and
change
to
the
directory
\toos\ldap\msad
on
the
Tivoli
Intelligent
ThinkDynamic
Orchestrator
and
Tivoli
Provisioning
Manager
Version
2.1
CD.
This
directory
contains
the
tiodata.ldif
file.
2.
Enter
the
following
command
on
one
line
and
replace
Base_DN
with
the
appropriate
set
of
values:
ldifde
–i
–f
tiodata.ldif
–c
"DC=MYCOMPANY,DC=com"
"Base_DN"
–t
636
For
example,
if
your
directory
server
domain
is
Mydomain.Mycompany.com,
the
command
is:
ldifde
–i
–f
tiodata.ldif
–c
"DC=MYCOMPANY,DC=com"
"DC=Mydomain,DC=Mycompany,DC=com"
–t
636
Note:
In
the
example
command
above,
the
appropriate
value
for
Base_DN
is
"DC=Mydomain,DC=Mycompany,DC=com"
When
you
have
managed
the
schema
and
imported
the
LDIF
file,
return
to
the
LDAP
Configuration
panel
on
the
Tivoli
Provisioning
Manager
installer
to
continue
the
installation.
112
Tivoli
Provisioning
Manager
Installation
Guide
Appendix
C.
Uninstalling
Tivoli
Provisioning
Manager
This
chapter
provides
details
on
how
to
uninstall
Tivoli
Provisioning
Manager
using
one
of
three
methods:
v
Uninstalling
using
the
graphical
uninstaller
v
Uninstalling
using
the
silent
installer
v
Uninstalling
using
the
non-graphical
uninstaller
Note:
The
uninstaller
doesl
not
check
if
Tivoli
Provisioning
Manager
is
running
before
uninstalling.
However,
there
will
be
a
warning
message
on
a
separate
panel
at
the
beginning
of
the
uninstallation
informing
you
that
Tivoli
Provisioning
Manager
must
be
shut
down
before
you
uninstall
it.
Uninstalling
using
the
graphical
uninstaller
To
uninstall
using
the
graphical
uninstaller:
1.
Log
on
as
Administrator.
If
you
are
on
a
Windows
2003
system,
run
the
following
command
before
uninstalling
the
application:
change
user
/install
2.
From
the
Tivoli
Provisioning
Manager
installation
directory,
switch
to
the
%TIO_HOME%\_uninst\_uninstTPM
directory
and
run
uninstaller.exe.
3.
You
can
also
click
Start->
Settings->
Control
Panel->
Add/Remove
Programs->
Tivoli
Provisioning
Manager,
and
then
click
Remove..
4.
On
the
Tivoli
Provisioning
Manager
box,
select
the
language
you
want
the
graphical
uninstaller
to
use,
and
click
OK.
5.
The
Welcome
panel
opens.
Click
Next.
6.
On
the
next
panel,
you
are
presented
with
the
option
to
remove
the
Tivoli
Provisioning
Manager
database.
If
you
want
to
remove
the
database,
click
the
check
box.
This
will
drop
the
Tivoli
Provisioning
Manager
database.
It
will
not
uninstall
your
database
server.
Click
Next.
7.
If,
in
the
previous
step,
you
selected
to
drop
the
database,
the
Database
Configuration
panel
appears.
Enter
the
instance
owner
and
password.
This
is
required
to
drop
the
database.
Click
Next.
8.
On
the
WebSphere
Application
Server
configuration
panel,
the
WebSphere
Application
Server
installation
directory
is
auto-detected,
along
with
the
user
ID
and
password.
Note:
The
WebSphere
Application
Server
security
will
be
turned
off
after
uninstallation
and
runAsUserproperty
of
the
WebSphere
Application
Server
will
be
rolled
back
to
root.
The
WebSphere
Application
Server
unconfiguration
removes
the
Tivoli
Provisioning
Manager
configuration.
9.
On
the
Uninstallation
Preview
panel,
review
the
selections
you
have
made.
To
correct
any
of
the
options
you
have
selected,
click
Back
and
then
make
any
required
changes.
When
the
selections
are
correct,
click
Next.
Tivoli
Provisioning
Manager
will
be
uninstalled.
10.
When
the
uninstallation
and
unconfiguration
is
complete,
the
Uninstallation
summary
panel
opens
and
indicates
whether
the
uninstall
completed
successfully.
Click
Finish.
©
Copyright
IBM
Corp.
2003,
2004
113
Uninstalling
using
the
silent
uninstaller
Uninstalling
using
the
silent
uninstaller
functions
similarly
to
the
silent
install
process.
With
both
methods,
you
can
complete
the
task
in
multiple
ways.
Uninstalling
using
the
response
file
template
To
uninstall
Tivoli
Provisioning
Manager,
using
the
response
file
template:
1.
Logon
as
Administrator.
If
you
are
on
a
Windows
2003
system,
run
the
following
command
before
starting
the
installer
in
a
DOS
command
window:
change
user
/install
2.
Ensure
Tivoli
Provisioning
Manager
is
not
running
3.
Locate
the
response
file
template
uninstall_templ.req
located
in
the
in
the
_unistall
directory
and
copy
the
file
to
a
directory
on
your
machine.
4.
Save
the
original
template
as
a
text
file
with
another
name
to
customize
it.
Then,
jot
down
the
full
path
name
for
the
response
file.
This
would
be
your
working
copy
of
the
response
file.
5.
Open
the
working
copy
of
the
template
text
file
in
an
editor
and
change
the
parameter
values
in
the
file
as
appropriate
for
your
choice
of
products
and
configuration.
Refer
to
the
section
Table
6
on
page
115
below
for
the
values
to
specify
for
each
variable.
6.
To
start
the
uninstallation,
switch
to
the
_uninst/_uninst
Tivoli
Provisioning
Manager
directory
,
and
run
the
command:
./uninstaller.exe
-options
<file
name>
-silent
7.
The
uninstaller
begins
to
uninstall
all
the
options
that
were
selected
in
the
response
file.
This
will
take
a
few
minutes.
This
indicates
that
the
uninstallation
is
in
progress.
8.
The
command
prompt
appears
again.
To
check
if
Tivoli
Provisioning
Manager
has
been
uninstalled,
check
the
%TIO_HOME%
directory.
9.
Tivoli
Provisioning
Manager
is
now
uninstalled.
Recording
an
uninstallation
Creating
the
response
file
uninstalls
Tivoli
Provisioning
Manager
and
records
the
options
you
select
in
a
response
file.
1.
You
must
be
logged
on
to
the
system
as
user
with
administrative
privileges.
If
you
are
on
a
Windows
2003
system,
run
the
following
command
before
starting
the
installer:
change
user
/install
2.
Ensure
Tivoli
Provisioning
Manager
is
not
running
3.
To
create
a
response
file
template,
which
you
will
later
customize,
run
the
command
and
replace
the
variable
file_name
with
the
name
and
fully
qualified
path
of
the
response
file.
./uninstaller.exe
-options-record
<file
name>
4.
This
will
create
a
template
response
file
with
the
file
name
you
specified.
5.
The
uninstaller
begins
to
uninstall
all
the
options
that
were
selected
in
the
response
file.
This
will
take
a
few
minutes.
The
cursor
will
keep
blinking
on
the
command
prompt.
This
indicates
that
the
uninstallation
is
in
progress.
6.
The
command
prompt
appears
again.
To
check
if
Tivoli
Provisioning
Manager
has
been
uninstalled,
check
the
%TIO_HOME%
directory.
7.
Tivoli
Provisioning
Manager
is
now
uninstalled.
114
Tivoli
Provisioning
Manager
Installation
Guide
Note:
The
passwords
in
the
response
file
accept
only
encrypted
values.
If
the
response
file
is
being
created
to
run
the
installation,
then,
you
must
get
the
encrypted
value
of
the
password.
Do
not
enter
the
text
password
in
the
password
value
field.
To
get
the
encrypted
value
of
the
password:
1.
Run
the
script
named
encrypt.bat
located
in
the
tools
directory
on
the
CD.
2.
Run
the
command:
encrypt.bat
text_password.
Replace
the
variable
text_password
with
your
text
password.
3.
Write
down
the
encrypted
value
of
the
password
that
is
generated.
Specifying
response
file
values
To
edit
the
response
file
template,
follow
these
steps:
1.
Locate
the
lines
with
the
leading
###
characters.
2.
Specify
a
value
for
a
setting
by
replacing
the
<value>
variable
with
the
proper
values.
Refer
the
table
below
for
description
on
each
of
the
variables.
3.
Remove
the
leading
###
characters
from
the
beginning
of
the
lines.
4.
Save
the
changes
to
the
file.
Table
6.
Response
file
values
User
Input
Field
Description
-W
UWzrd_DB2Config.RemoveDBConfig=
"<value>"
Removes
the
DB2
database.
Enter
1
if
you
want
to
remove
the
database.
Leave
the
value
field
empty
if
this
option
is
not
required.
-W
UWzdIP_DB2.Admin
Name="<value>"
Enter
the
DB2
Server
Instance
owner.
-W
UWzdIP_DB2.Admin
Password="<value>"
Enter
the
DB2
Server
Instance
owner
password
-W
UWzrd_OracleConfig.
RemoveDBConfig=
"<value>"
Removes
the
Oracle
database
user.
Enter
1
if
you
want
to
remove
the
Oracle
user.
Leave
the
value
field
empty
if
this
option
is
not
required.
-W
UWzdIP_DB2.Admin
Name="<value>"
Enter
the
Oracle
database
administrator
name.
-W
UWzdIP_DB2.Admin
Password="<value>"
Enter
the
Oracle
database
administrator
password
-W
UWzdIP_WAS.Install
Dir="<value>"
Enter
the
full
path
for
the
WebSphere
Application
Server
installation
directory.
-W
UWzdIP_WAS.AdminUser="<value>"
Enter
the
WebSphere
Application
Server
administrator
name.
-W
UWzdIP_WAS.Admin
Password=
"<value"
Enter
the
WebSphere
Application
Server
administrator
password.
-W
UWzdIP_WAS.TurnOff="1"
Do
not
modify
this
value.
Note:
The
WebSphere
Application
Server
security
will
be
turned
off
after
uninstallation
and
runAsUserproperty
of
the
WebSphere
Application
Server
will
be
rolled
back
to
root
Appendix
C.
Uninstalling
Tivoli
Provisioning
Manager
115
Uninstall
using
the
console
mode
This
section
provides
the
step-by-step
procedures
for
uninstalling
Tivoli
Provisioning
Manager
using
a
non-graphical
installation
process.
1.
Log
on
as
Administrator.
If
you
are
on
a
Windows
2003
system,
run
the
following
command
before
starting
the
PICS
installer:
change
user
/install
2.
From
the
Tivoli
Provisioning
Manager
installation
directory,
switch
to
the
/_uninst
directory
and
run
the
uninstaller.exe-console
command
to
launch
the
uninstaller
application.
3.
On
the
Tivoli
Provisioning
Manager
box,
select
the
language
you
want
the
graphical
uninstaller
to
use.
Choose
the
number
according
to
the
language
option
required
or
select
0
for
default
option
or
when
finished.
4.
Select
1
for
Next
to
continue
with
the
installation
or
select
one
of
the
following
options:
v
2
for
the
Previous
screen.
v
3
for
Cancel.
v
4
to
Redisplay.
5.
On
the
next
screen,
you
have
the
option
to
remove
the
Tivoli
Provisioning
Manager
database.
If
you
wish
to
remove
the
database,
click
the
check
box.
This
will
drop
the
Tivoli
Provisioning
Manager
database.
It
will
not
uninstall
your
database
server.
Click
Next.
6.
If,
in
the
previous
step,
you
selected
to
drop
the
database,
the
Database
Configuration
screen
appears.
Enter
the
instance
owner
and
password.
This
is
required
to
drop
the
database.
7.
Select
1
for
Next
to
continue
with
the
installation
or
select
one
of
the
following
options:
v
2
for
the
Previous
screen.
v
3
for
Cancel.
v
4
to
Redisplay.
8.
On
the
next
screen,
you
have
the
option
to
remove
the
WebSphere
Application
Server.
The
WebSphere
Application
Server
installation
directory
is
auto-detected
and
filled
in,
along
with
the
user
ID
and
password.
WebSphere
Application
Server
unconfiguration
will
remove
all
Tivoli
Provisioning
Manager
configuration,
and
remove
the
wasadmin
user
ID.
9.
Select
1
for
Next
to
continue
with
the
installation
or
select
one
of
the
following
options:
v
2
for
the
Previous
screen.
v
3
for
Cancel.
v
4
to
Redisplay.10.
The
next
screen
summarizes
the
installation
information
you
have
entered.
Review
the
information
to
ensure
it
is
accurate.
11.
Select
1
for
Next
to
continue
with
the
uninstallation
or
select
one
of
the
following
options:
v
2
for
the
Previous
screen.
v
3
for
Cancel.
v
4
to
Redisplay.12.
Tivoli
Provisioning
Manager
will
be
uninstalled.
116
Tivoli
Provisioning
Manager
Installation
Guide
13.
When
the
uninstallation
and
unconfiguration
is
complete,
the
Uninstallation
summary
screen
is
displayed
and
will
indicate
whether
uninstallation
completed
successfully.
14.
Select
Finish
to
exit
the
wizard.
Press
3
to
Finish
or
4
to
Redisplay
.
After
uninstalling
Tivoli
Provisioning
Manager
there
will
still
be
a
number
of
files
remaining
in
the
directory
where
Tivoli
Provisioning
Manager
was
installed.
Uninstallation
will
only
remove
files
created
during
the
installation
process.
All
other
files
will
not
be
removed.
For
example,
log
files,
.xml
files,
workflow
files,
and
automation
package
files
will
not
be
removed.
Files
remaining
after
uninstallation
After
uninstalling
Tivoli
Provisioning
Manager
there
are
a
number
of
files
remaining
in
the
directory
where
Tivoli
Provisioning
Manager
was
installed.
Uninstallation
will
only
remove
files
created
during
the
installation
process.
All
the
other
files
will
not
be
removed.
For
example:
v
Tivoli
Netview
will
also
not
be
removed.
Netview
must
be
uninstalled
manually.
v
Tivoli
GUID
v
log
files
Appendix
C.
Uninstalling
Tivoli
Provisioning
Manager
117
118
Tivoli
Provisioning
Manager
Installation
Guide
Appendix
D.
Installing
Behind
a
Firewall
This
appendix
describes
how
to
install
Tivoli
Intelligent
ThinkDynamic
Orchestrator
or
Tivoli
Provisioning
Manager
behind
a
firewall,
when
the
application
and
the
boot
servers
are
on
one
side
of
the
firewall,
and
the
remainder
of
the
managed
infrastructure
is
on
the
other
side.
If
the
management
LAN
where
you
intend
to
install
Tivoli
Intelligent
ThinkDynamic
Orchestrator
or
Tivoli
Provisioning
Manager
is
protected
by
a
firewall,
the
communication
ports
that
are
listed
in
the
following
table
must
be
open.
Protocol
Source
Port
Destination
Port
From
To
DHCP
REQUEST
UDP
(broadcast)
any
67
managed
servers
think
control
DCHP
REPLY
UDP
67
68
think
control
managed
servers
PROXY
DHCP
UDP
any
4011
managed
servers
think
control
TFTP
UDP
any
69
managed
servers
think
control
BootDiscovery
UDP
(multicast)
any
4011
managed
servers
think
control
IP:232.1.0.1
MTFTPPort
UDP
any
4015
managed
servers
think
control
MTFTPClients
UDP
(multicast)
any
8500
think
control
managed
servers
IP:232.1.0.1
NBPServer
UDP
any
4012
managed
servers
think
control
FileServerPort
UDP
any
4013
managed
servers
think
control
FileMCAST-
Address
UDP
any
10000
think
control
managed
servers
IP:239.2.0.1
FASTPort
UDP
any
4025
managed
servers
think
control
SSH
TCP
any
22
think
control
managed
servers
Telnet
TCP
any
23
managed
servers
think
control
TS
TCP
any
3389
think
control
managed
servers
SNMP
UDP
any
161
think
control
managed
servers
SNMP-TRAP
UDP
any
162
managed
servers
think
control
©
Copyright
IBM
Corp.
2003,
2004
119
120
Tivoli
Provisioning
Manager
Installation
Guide
Appendix
E.
Installation
log
files
This
chapter
describes
the
default
locations
for
the
installation
log
files.
Prerequisite
software
—
graphical
installer
process
When
you
install
the
prerequisite
software
for
Tivoli
Provisioning
Manager
using
the
graphical
installer,
the
log
files
for
this
installation
process
are
located
in
c:\Program
Files\IBM\pics\logs\.
Prerequisite
software
When
the
graphical
installer
process
installs
the
prerequisite
software,
the
logs
for
the
installation
of
the
individual
software
products
are
located
here:
DB2
Universal
Database
v
c:\Program
Files\IBM\pics\logs\db2server.out
v
c:\Program
Files\IBM\pics\logs\db2server.err
v
c:\Program
Files\IBM\pics\logs\db2serverfixpack.out
v
c:\Program
Files\IBM\pics\logs\db2serverfixpack.err
v
c:\IBM\SQLLIB\pics\*
v
c:\Documents
and
Settings\user_logged_in_as\MyDocuments\DB2LOG\*.log
v
c:\Program
Files\IBM\pics\logs\*
Directory
server
Directory
server
log
files
are
located
in:
v
c:\Documents
and
Settings\user_logged_in_as\ldapinst.log
v
c:\Program
Files\IBM\pics\logs\*
WebSphere
Application
Server
WebSphere
Application
Server
log
files
are
located
in:
v
Base
install=
Base_install_location\logs
v
c:\Program
Files\IBM\pics\logs\*
v
c:\Documents
and
Settings\user_logged_in_as%TEMP%\*
Tivoli
Provisioning
Manager
When
you
install
Tivoli
Provisioning
Manager,
the
log
files
for
this
installation
follow
the
Tivoli
Common
Directory
standard,
and
are
located
in
the
following
directory:
C:\Program
Files\ibm\tivoli\common\COP\logs\install\
Silent
installer
process
After
you
complete
a
silent
installation,
refer
to
the
log
file
to
determine
if
the
silent
installation
was
successful.
The
log
file
is
located
in:
%TEMP%\tclog\tcinstall.log
©
Copyright
IBM
Corp.
2003,
2004
121
Information
required
to
solve
silent
installation
problems
If
a
silent
installation
is
unsuccessful,
gather
the
following
information
to
send
to
IBM
Tivoli
Software
Support
so
that
they
can
help
diagnose
the
problem:
v
Any
Windows
event
log
relevant
to
the
failed
installation.
v
The
setup
log
file.
v
Operating
system
level.
v
Service
pack
information.
v
Hardware
description.
v
Installation
package
(CD-ROM
or
electronic
download)
and
level.
v
Windows
services
that
were
active
during
the
unsuccessful
installation
(for
example,
antivirus
software).
v
Whether
you
are
logged
on
to
the
local
machine
console
(not
via
terminal
server).
v
Whether
you
are
logged
on
as
a
local
administrator,
not
a
domain
administrator
(Tivoli
does
not
support
cross-domain
installs).
Tivoli
Provisioning
Manager
start
log
When
you
start
Tivoli
Provisioning
Manager,
the
application
creates
a
log
file,
tio_start.log.
The
tio_start.log
file
is
located
in
%TIO_HOME%\logs
Tivoli
Provisioning
Manager
uninstallation
logs
When
you
uninstall
Tivoli
Provisioning
Manager,
the
log
files
for
the
uninstall
process
follow
the
Tivoli
Common
Directory
standard,
and
are
located
in
C:\Program
Files\ibm\tivoli\common\COP\logs\uninstall\
The
next
step
After
you
have
installed
the
prerequisite
software,
you
must
install
the
required
patches
for
the
servers
you
installed.
Proceed
to
Chapter
8,
“Applying
mandatory
patches
to
Tivoli
Directory
Server
and
the
WebSphere
Application
Server,”
on
page
49
and
complete
the
procedures.
122
Tivoli
Provisioning
Manager
Installation
Guide
Notices
This
information
was
developed
for
products
and
services
offered
in
the
U.S.A.
IBM
may
not
offer
the
products,
services,
or
features
discussed
in
this
document
in
other
countries.
Consult
your
local
IBM
representative
for
information
on
the
products
and
services
currently
available
in
your
area.
Any
reference
to
an
IBM
product,
program,
or
service
is
not
intended
to
state
or
imply
that
only
that
IBM
product,
program,
or
service
may
be
used.
Any
functionally
equivalent
product,
program,
or
service
that
does
not
infringe
any
IBM
intellectual
property
right
may
be
used
instead.
However,
it
is
the
user’s
responsibility
to
evaluate
and
verify
the
operation
of
any
non-IBM
product,
program,
or
service.
IBM
may
have
patents
or
pending
patent
applications
covering
subject
matter
described
in
this
document.
The
furnishing
of
this
document
does
not
grant
you
any
license
to
these
patents.
You
can
send
license
inquiries,
in
writing,
to:
IBM
Director
of
Licensing
IBM
Corporation
North
Castle
Drive
Armonk,
NY
10504-1785
U.S.A.
The
following
paragraph
does
not
apply
to
the
United
Kingdom
or
any
other
country
where
such
provisions
are
inconsistent
with
local
law:
INTERNATIONAL
BUSINESS
MACHINES
CORPORATION
PROVIDES
THIS
PUBLICATION
″AS
IS″
WITHOUT
WARRANTY
OF
ANY
KIND,
EITHER
EXPRESS
OR
IMPLIED,
INCLUDING,
BUT
NOT
LIMITED
TO,
THE
IMPLIED
WARRANTIES
OF
NON-INFRINGEMENT,
MERCHANTABILITY
OR
FITNESS
FOR
A
PARTICULAR
PURPOSE.
Some
states
do
not
allow
disclaimer
of
express
or
implied
warranties
in
certain
transactions,
therefore,
this
statement
may
not
apply
to
you.
This
information
could
include
technical
inaccuracies
or
typographical
errors.
Changes
are
periodically
made
to
the
information
herein;
these
changes
will
be
incorporated
in
new
editions
of
the
publication.
IBM
may
make
improvements
and/or
changes
in
the
product(s)
and/or
the
program(s)
described
in
this
publication
at
any
time
without
notice.
Any
references
in
this
information
to
non-IBM
Web
sites
are
provided
for
convenience
only
and
do
not
in
any
manner
serve
as
an
endorsement
of
those
Web
sites.
The
materials
at
those
Web
sites
are
not
part
of
the
materials
for
this
IBM
product
and
use
of
those
Web
sites
is
at
your
own
risk.
IBM
may
use
or
distribute
any
of
the
information
you
supply
in
any
way
it
believes
appropriate
without
incurring
any
obligation
to
you.
Licensees
of
this
program
who
wish
to
have
information
about
it
for
the
purpose
of
enabling:
(i)
the
exchange
of
information
between
independently
created
programs
and
other
programs
(including
this
one)
and
(ii)
the
mutual
use
of
the
information
which
has
been
exchanged,
should
contact:
©
Copyright
IBM
Corp.
2003,
2004
123
IBM
Canada
Ltd.
Office
of
the
Lab
Director
8200
Warden
Avenue
Markham,
Ontario
L6G
1C7
Canada
Such
information
may
be
available,
subject
to
appropriate
terms
and
conditions,
including
in
some
cases,
payment
of
a
fee.
The
licensed
program
described
in
this
document
and
all
licensed
material
available
for
it
are
provided
by
IBM
under
terms
of
the
IBM
Customer
Agreement,
IBM
International
Program
License
Agreement
or
any
equivalent
agreement
between
us.
Trademarks
The
IBM
logo
and
the
following
terms
are
trademarks
or
registered
trademarks
of
International
Business
Machines
Corporation
in
the
United
States
or
other
countries
or
both:
DB2®
DB2
Universal
Database
IBM
WebSphere
Tivoli
UNIX®
is
a
registered
trademark
of
The
Open
Group
in
the
United
States,
other
countries,
or
both.
Pentium®
and
Intel®
are
registered
trademarks
of
Intel
Corporation
in
the
United
States,
other
countries,
or
both.
Java
and
all
Java-based
trademarks
and
logos
are
trademarks
or
registered
trademarks
of
Sun
Microsystems,
Inc.
in
the
United
States,
other
countries,
or
both.
Microsoft
and
Windows
are
trademarks
or
registered
trademarks
of
Microsoft
Corporation
in
the
United
States,
other
countries,
or
both.
Linux
is
a
trademark
of
Linus
Torvalds
in
the
United
States,
other
countries,
or
both.
Other
company,
product
and
service
names
may
be
trademarks
or
service
marks
of
others.
124
Tivoli
Provisioning
Manager
Installation
Guide
����
Printed
in
USA
GC32-1614-00