Installing and Configuring Access Manager
You are now ready to install Access Manager and other components on the Windows computer you are using for the evaluation.
To install components on the Windows computer
-
On the physical or virtual computer where you downloaded Verify Privilege Server Suite software, double-click autorun.
-
On the Getting Started page, click Authentication & Privilege.
-
On the Welcome page click Next.
-
Review the terms of the license agreement, click I agree to these terms, then click Next.
-
Type your name and organization, then click Next.
-
Select the components to install, then click Next.
-
Accept the default C:\Program Files\Centrify location for installing components, or click Browse to select a different location, then clickNext.
-
Click Next to disable publisher verification.
-
Review the components you have selected, then click Next to begin installing components.
-
Deselect the Configure and start Zone Provisioning Agent option, then click Finish.
Because you are going to configure the service account for the Zone Provisioning Agent in a later exercise, click Yes to dismiss the warning about the Zone Provisioning Agent running as the local system account.
-
Click Exit to close the Getting Started page.
Starting Access Manager for the First Time
After installing Access Manager and other components, you should have the new Access Manager icons on your desktop.
You are now ready to start using Access Manager. The first time you open Access Manager it creates Active Directory containers to store IBM Security licenses and zone information.
To start Access Manager for the first time
-
Open Access Manager by double-clicking the icon on the desktop.
-
Verify the name of the domain controller, then click OK.
The default is the domain controller to which the Windows computer is joined. If you want to connect to a different forest, type the name of adomain controller in that forest. If you want to connect to the forest withdifferent credentials, select Connect as another user, then type a user name and password to connect as.
-
In the Setup Wizard Welcome page, click Next.
-
Verify that Use currently connected user credentials is selected to use your current logon account, then click Next.
You must be logged on with an account that has Active Directory administrator rights in the target organizational unit.
If your logon account does not have those rights, select Specify alternate user credentials and enter a different user name and password.
-
Select Generate IBM Security recommended deployment structure and Generate default deployment structure, then click Next.
-
Select a location for installing license keys in Active Directory, then click Next.
The Setup Wizard displays information about the Read permissions that must be granted on the container. Click Yes to continue.
-
Type or copy and paste the license key you received, click Add, then click Next.
If you received the license key in a text file, you can click Import to import the key directly from the file, then click Next.
-
Click Next to use the default container for the IBM Security zones.
-
Accept the default permission delegation and click Next.
-
Review the summary of your selections, then click Next.
-
Click Finish.
After you click Finish, Access Manager displays.
Creating the First Zone
The next step in configuring your evaluation for access control and privilege management is to create a IBM Security zone. Zones enable you to define and control access privileges for users and groups in your organization. By using zones, you can limit who has access to different computers and where users have permission to exercise elevated privileges.
To create a parent zone
-
Open Access Manager.
-
Click Create Zone.
-
Type a name and description for the zone, for example Headquarters, then click Next.
-
Leave Use default zone type selected, and click Next.
-
Verify information about the zone you are creating, then click Finish.
You now have one parent zone. You can have multiple parent zones or a single parent zone, depending on your needs. If you expand the Zones node, the left pane displays your new zone.
Access Manager automatically creates the Computers, UNIX Data and Authorization nodes for each zone you create. These nodes enable you specify precise access privileges for computer and application administrators in each zone.
A parent zone can have one or more child zones. Child zones inherit information from the parent zone. For example, you can define access rights, roles, and role assignments in a parent zone and use them or change them in a child zone. You will work with child zones in a later exercise.
Now that you have Access Manager installed and have configured your first zone, you are ready to install the Verify Privilege Server Suite Agent on a UNIX or Linux computer.