RapidIdentity Administrators' and Users' Guide

CentOS 7 Appliance Installation

Recent changes to ISO controllers for RapidIdentity have caused the Appliance Installation procedure to change slightly. With CentOS 6 installations, RapidIdentity administrators could configure network settings during installation, but with CentOS 7, this is no longer the case.

Note

The following steps assume RapidIdentity is installed on a virtual machine.

  1. Prior to installing RapidIdentity Appliance, access the Installation Files and download the latest ISO image. If installing on physical hardware, use the optical image to create a bootable CD/DVD or USB drive.

  2. Create a virtual machine as defined in System Requirements.

  3. Boot from the installation image. The first thing you will need to do is create a password for the config login.

    Note

    This is one of the first differences between CentOS 6 and CentOS 7 installations; with CentOS 6, the default password Cust0mer was installed and stated. Now, users are prompted to provide a password before the appliance is installed.

    Appliance_1.jpg

  4. The Appliance OS will install, running through several screens of items.

    Note

    This may take several minutes.

  5. At the installation confirmation screen, there will be some instructions for next steps. Unmount the ISO before pressing any key to reboot.

    Appliance_2.jpg

  6. After the system reboots into the CentOS 7 screen, login using the config ID with the password created in step 3.

    Appliance_3.jpg

  7. If the virtual machine is not using DHCP to obtain an IP address, navigate to and select Setup Network. If DHCP is already configured, skip to Installing RapidIdentity.

    Note

    This is one of the crucial changes between CentOS 6 and CentOS 7 installations.

    Appliance_4.jpg

  8. Select Edit a connection.

    Appliance_5.jpg

  9. Choose the network interface to be used for RapidIdentity. In this case, the network is ens33.

    Appliance_6.jpg

  10. Edit connection menu to change IPv4 Configuration to Manual. and update all network settings. Once this is complete, scroll down and click Save.

    Note

    It is critical to set up the correct IP address, the correct Gateway, and a DNS server. If the DNS Server isn't working, we will be unable to import Appliance installation scripts.

    Appliance_7b.jpg

  11. Once the interface has been configured, it will need to be activated. Return to the Network Settings menu from step 9. Instead of editing the connection, navigate to and select Activate a connection.

    Appliance_8a.jpg

  12. The connection may show as activated (with an asterisk next to it), but to refresh the setting, Deactivate then Reactivate the connection.

    Appliance_9.jpg

  13. At this juncture, it may be useful to update the host name from the network menu.

    Appliance_10.jpg

  14. From the main menu, navigate to and select Install RapidIdentity.

    Appliance_11.jpg

  15. Once the files finish installing, a confirmation message will appear and prompt for reboot. Press Enter to proceed.

    Appliance_12.jpg

  16. At the next login after reboot, you will see the header now identifies the system as a RapidIdentity Appliance. IP addresses are displayed here as well, in case you choose to SSH into the system. Log in with the config username and the password set up in Step 3.

    Appliance_13.jpg

  17. Confirm that RapidIdentity is running to ensure the installation was successful. Now you can configure the local database and the local LDAP Server.

    Appliance_14.jpg
Appliance CLI Configuration

  1. The RapidIdentity Appliance Configuration Main Menu screen displays. Navigate to and select System to verify and customize network settings and other options.

    Configuration_Main_Menu.png

  2. Configure and validate each of the Network settings by navigating to the System > Network > Network Settings.  

    Network_Settings_Menu.jpg

    1. In the Basic Network Settings menu, configure the connection settings for the network. From here, you can edit a connection, add a connection, or set the system's hostname settings.

      Basic_Network_Settings_Menu.jpg

    2. The Interfaces menu, there are options to fine-tune settings related to how the server connects. Choose the default network interface as listed (these are named by the installation software), or the local interface (listed as lo). Then you can drill further into the settings to alter more granular network settings.

      Select_Network_Interface.jpg

    3. Ensure the Hostname is configured. Use the arrow key to navigate to Hostname and click Enter to edit if needed.

      Hostname.jpg

    4. The DNS Servers menu shows local options and provides the opportunity to make DNS changes.

      DNS_Servers_Menu.jpg

    5. The Hosts File option allows a name to be attached to the IP address. Click for more information on configuring networking with network scripts.

      LocalHost_file.jpg

  3. After the Network settings are configured, exit the window and press the Escape key to return to the Main Menu.

  4. If this appliance is to be in a production environment, navigate to System > Security and select Change Password. The config password has already been changed, but the sftp account password needs to be changed in order to perform file transfers. Ensure this password in a secure location so that it is not lost or forgotten.

    Change_SFTP_password.jpg

  5. If using VMWare, navigate to Tools > VMWare Open VM Tools and select to install. This menu option will only show up if you are using VMWare to configure VMs.

    Tools_-_VMWare.png

  6. If a new database is necessary for this installation, select Local Database from the Main Menu.

    Local_Database_None.jpg

    Choose from between PostgreSQL or MySQL.

    Local_Database.png

    Note

    The rest of the procedure will be identical regardless of which database type has been chosen. After any change, you will receive a notification that The change will not take effect until RapidIdentity has been restarted.

  7. Drill down through Server Status and choose Install MySQL Server or Install PostgreSQL Server (depending on the choice made in the previous step) and then Yes to confirm. When the installation is complete, RapidIdentity will need to be restarted. Click Yes when prompted.

    Restart_RI.jpg

  8. After RapidIdentity restarts, an info window displays.

    Server_Status.png

  9. Use Menu Item 5 on the Local Database screen, Client, to access a command-line SQL client for interacting with the local database.

    Client_Menu.jpg

  10. A separate audit database can be configured, but by default the main database is used.

  11. After the database is configured, RapidIdentity will restart.

  12. Press Enter twice to start RapidIdentity and then press OK to confirm.

At this stage, the CLI configuration for RapidIdentity is complete unless the environment does not have an existing directory service. If that is the case, follow these steps to install OpenLDAP. The installation of Microsoft Active Directory is beyond the scope of this guide.

Install OpenLDAP

  1. Navigate to the Main Menu and select Local LDAP Server

    Local_LDAP_Server.png

  2. Select OpenLDAP and then Server Status. Install OpenLDAP.  

    Install_Open_LDAP.png

  3. When the installation is complete, a message will display regarding accounts that have been created during install. The passwords for these accounts should be changed as soon as possible.

    LDAP_Change_Passwords.jpg

    This can be done directly from the next screen. Simply select each option and enter a new password, confirming as required.

    Change_Passwords_Post-LDAP.jpg

  4. When this sequence is complete, exit the RapidIdentity Appliance Configuration Menu.

Repeat this sequence for each appliance. After the appliances are installed, extend the schema and install the password filter if using Active Directory.

Otherwise, skip to the Initial Appliance Configuration sequence.

In this section: