Installing by using the server installer

The Remote Control server installer can be used on Windows operating systems, Red Hat Linux operating systems, and SUSE Linux operating systems. A fully functional self-contained server with either of the following component setup is installed.

About this task

  • Remote Control server with WebSphere® Application Server Liberty Profile version and a Derby database.

  • Remote Control server with WebSphere® Application Server Liberty Profile version and one of the following databases:

    • IBM DB2 11.5 Virtual Processor Core (VPC).
    • Oracle 11g, 12c, and 19c.

      When you use an Oracle database, if you are using the Oracle 11g drivers, set oracle.increment.keys.off=1 in the trc.properties file. Restart the server service.

    • Microsoft SQL server 2008, 2012, 2014, 2016, 2017, 2019, and 2022.

      You must use a JDBC driver whose version is higher than 6.3. Older versions do not support TLS1.2 or JRE8.

      When you use an MS SQL database, Windows authentication is not supported. You cannot log on with a domain user. You must use mixed mode authentication and create an SQL user to connect to the database.
For more information about the supported versions of the installed components, see Server requirements
Note: Click Cancel at any time to end the installation.

Approximate installation time

  • Specifying options in the installer: 5 - 10 minutes.
  • Installation of the software: 5 minutes.
  1. A minimum screen resolution of 1024 by 768 pixels is recommended when you are using the installer.
  2. On a Linux operating system, you must install libstdc++.so.5 when you are installing and configuring the operating system. If this package is not installed, you can install package compat-libstdc++-33, which contains libstdc++.so.5.
Note:
  • Console mode installation is not supported.
  • During the file copy phase of the server installation:
    • A backup copy of any existing installation is saved. This feature is useful if a problem occurs with the installation when you are upgrading.
    • The following directory is deleted if it exists:

      [INSTALLDIR]/trcserver.bak.

    • The current server installation in [INSTALLDIR]/wlp/usr/servers/trcserver is then renamed or moved to [INSTALLDIR]/trcserver.bak.
    You can access the backup directory to restore or recover anything from the previous installation.

To install the Remote Control server application, complete the following steps:

Procedure

  1. Run the server installation file relevant to your operating system.
    Windows systems
    trc_server_setup.exe
    Linux systems
    trc_server_setup.bin
    To obtain the installation file see Obtain the installation files.
  2. Choose the language and click OK.
  3. At the Introduction window click Next.
  4. Click to accept both the IBM® and non-IBM® terms, click Next.
  5. Accept the default location or click Choose to define a location for the installation files, click Next.
    Note: WebSphere® Application Server cannot be installed in a directory with a name that contains non-English-language characters. This installation installs an embedded version of WebSphere® Application Server. Therefore, you must choose a destination for the installation files that do not contain any non-English-language characters.
  6. Select the database, click Next.
    Note: Derby is embedded in the application and is installed locally when you select Derby. To use DB2® or Oracle, you must install them and create a database instance before you install Remote Control.
  7. Enter the options for your selected database and click Next.
    Derby
    1. Specify a name for the database, click Next. For example, TRCDB.
      Note: If you are using an existing database, you can choose to drop the database.
    DB2®
    Database server
    The IP address or host name of your database server.
    Note: 127.0.0.1 can be used when DB2® is installed locally. If you install DB2® on a remote system, type the IP address of the remote system.
    Port
    Port on which DB2® is installed.
    Note:
    1. On Windows® systems, the default port is 50000. On Linux systems, the default port is 50001.
    2. A remote DB2® installation is limited to type four connections. A local installation can use type two or four. For type two connections, set the port value to 0.
    Administrator Userid

    Specify the Administrator user ID that is used for logging on to the database. The user ID must have admin access to the database.

    If you select create database, the user ID must have administrator access for DB2®.
    Administrator password

    Specify the Administrator password for connecting to the database.

    Database Name
    Specify a name for the database. For example, TRCDB.
    Note: If you are using a remote database, type the name of the database that was created on the remote system.
    Directory path to db2jcc.jar file

    Specify the path to the DB2® JAR files, db2jcc.jar, and db2jcc_license.jar

    Note: If you are using a remote database share the drive, on the remote system, that the DB2® JAR files are in. Enter the shared drive location.
    Create database
    If DB2® is installed locally (127.0.0.1), you can select to create a blank database during the installation. You can also select to drop an existing local database and create a new database.
    Note: Do not select create database or drop database if you are using a remote database.
    Path for database install
    Specify the path where the database can be installed. If the installation is local and you select to create the database, the admin user who is specified must have the appropriate authority. On a Windows system, use the db2admin user, and on a Linux system, the user must be a member of the group db2grp1.
    Note:
    Linux systems
    Specify a directory that the admin User ID has read and write permissions for.
    Windows systems
    Specify a drive letter.
    Oracle
    Database server
    The IP address or host name of your database server. 127.0.0.1 can be used when Oracle is installed locally. If you install Oracle on a remote system, type in the IP address of the remote system.
    Port
    Port on which Oracle is installed.
    Administrator Userid
    Specify the administrator user ID that is used for logging on to the database. The user ID must have admin access to the database.
    Note: For an Oracle installation, a user that is called asset must exist. This user ID can be used here or use an existing or new user.
    Administrator password
    Specify the administrator password for connecting to the database.
    Database Name
    Specify a name for the database. The name is the SID name on the server, not the one in tnsnames.ora. For example, TRCDB.
    Directory path to the oracle Java JDBC library
    Specify the path to the oracle Java JDBC library. The location can be obtained from the Oracle server installation or downloaded from the Oracle website. For example, c:\oracle\ora92\jdbc\lib\ojdbc14.jar
    MSSQL
    Database server
    The IP address or host name of your database server.
    Note: 127.0.0.1 can be used when MS SQL is installed locally on a Windows system only.
    Port
    Port on which MS SQL is installed.
    Administrator Userid
    Specify the administrator user ID that is used for logging on to the database. The user ID requires admin access to the database.
    Administrator password
    Specify the administrator password for connecting to the database.
    Database Name
    Specify a name for the database. For example, TRCDB.
    Directory path to the MS JDBC Java files
    Specify the path to the MS JDBC Java files. The mssql-jdbc-X.X.X.jre8.jar file must be used depending on the version of MS SQL database that you are using.
    If installed on the same server, select to create database
    If MS SQL is installed locally, you can select to create the database.
    Drop the database if installed locally
    Select if you already have an existing database with the name that is entered for Database Name that you do not want to use.
    If local, select path where to create the database
    Specify the database installation path. If the installation is local and you select to create the database the Admin user must have appropriate authority to do so.
    Linux systems.
    Specify a directory that the admin User ID has read and write permissions for.
    Windows systems.
    Specify an existing directory.
  8. Specify the web server parameters then click Next.
    Force targets to use HTTPS
    Select this option for the target software to communicate with the server by using the HTTPS URL. The enforce.secure.endpoint.callhome and enforce.secure.endpoint.upload properties in the trc.properties file are also set to true. The check box is selected by default on a new installation.
    Regardless of your selection, the enforce.secure.web.access, enforce.secure.weblogon, and enforce.secure.alllogon properties that enable HTTPS logon and access to the web portal, are all set to True by default. For more information about these properties, see Set a secure environment .
    Note: If you are using HTTPS, you must use a fully qualified domain name for the server name.
    Use secure registration tokens to register targets
    Select this option to enable the secure target registration feature. This feature prevents unauthorized targets from registering with the Remote Control server. The check box is selected by default on a new installation. Ensure that the Force targets to use HTTPS option is also selected. For more information about secure registration, see Enable secure target registration.
    Upload data to server
    The fully qualified name for the Remote Control server. For example, trcserver.example.com
    Note: You must make sure that you enter the fully qualified name. The name is used for creating the URL in the trc.properties file that is passed to the target after it contacts the server for the first time. If the fully qualified name is incorrect, the target might not be able to contact the server successfully when it is next due to contact it.
    Web path of URL
    Specify the web path for the server URL. For example, /trc.
    Server port on Webserver (default 80)
    Specify a port for the server.
    SSL Port (default 443)
    Specify a port for SSL.
    Administrator email
    Specify an administrator email address. For example, admin@company.com.
    Note: To use the email function, you must install a mail server. Edit the trc.properties file after you install the Remote Control server. For more information about editing the properties files, see the BigFix® Remote Control Administrator's Guide
    Enable FIPS
    Select this option to enable FIPS compliance on the server. For more information about enabling FIPS compliance, see Federal information processing standard (FIPS 140-2) compliance in Remote Control .
    Enable NIST SP800-131A Compliance (Enables FIPS)
    Select this option to enable NIST SP800-131A compliance on the server. For more information about enabling NIST SP800-131A compliance, see NIST SP800-131A compliance in Remote Control.
  9. Select options for your SSL certificate and click Next. The certificate configuration is stored in the ssl.xml file.
    Use an auto generated certificate store
    Select this option to use a self-signed certificate that is generated by the installer.
    Note: If the following options are not enabled, click Use an auto generated certificate store to enable them.
    Overwrite an existing certificate store.
    If a self-signed certificate store is already saved, the new certificate overwrites the saved certificate store. This option is the default option.
    Password for a new or a previously generated certificate store.
    Type a new password for the self-signed certificate. If you do not select to overwrite, type the password for your existing auto generated certificate store. If left blank, the default password TrCWebAS is saved as the password. The password must have a minimum of 6 characters.
    Select an existing certificate store
    Select this option to use an existing certificate store that is already saved.
    Select existing certificate store location.
    Click Choose to browse to the relevant certificate store. Select the certificate store. The file extension can be .jks or .p12.

    When you use an existing certificate store, it is not copied to the installation directory during installation. The server software instance points to the location of the certificate store that you provide. Therefore, you must make sure that you save the certificate store to an adequate location on the server before you start the server installation. The certificate store must be stored in a location that does not get deleted. Therefore, do not save the file in the [installdir]\wlp directory or any of its subdirectories. Do not delete the certificate store at the end of the installation.

    If you select a previously saved auto-generated certificate store from the server installation directory, a warning is displayed. Choose Copy file to copy the file to a location that is not deleted during the installation. If the file is not copied successfully, you must manually copy the certificate store file to another location. Click Choose and select the new location of the file.

    Click Restore Default to reset the field value to its original value.

    Enter the certificate store password.
    Type a password for the certificate store.
  10. Select options to configure Single-Sign-On (SSO) and click Next. The SSO configuration is stored in the sso.xml file.
    Enable SSO
    Select this option to enable Single-Sign-On (SSO). To continue with the configuration, you must get the SAML metadata XML file from the Identity Provider (IdP) and which hash algorithm they are using: SHA-1 or SHA-256.
    Metadata XML file
    Click Choose and select the SAML metadata XML file that you obtained from the IdP.
    Algorithm used to sign SAML messages
    Select the signature algorithm (SHA-1 or SHA-256) to use to sign messages in communications between the Identity Provider (IdP) and this Service Provider (SP) which is the BigFix® Remote Control Server.
    Advanced parameters (optional)
    Type in further configuration options, by adding attribute names in a space-separated list, in the following format: [keyword]="[keyword-value]". Where [keyword] is the attribute name and [keyword-value] is the attribute value.
    Force regeneration of SAML data. (you must re-register with the IdP)
    The first time that you enable SSO, a new default SAML certificate keystore is created. For future upgrades, you can select the regeneration option to create a new default certificate keystore. The current keystore is deleted and the new one is saved. When you select this option, you must reestablish the connection between the SP and the IdP after the server restarts.
  11. Select a location for the product icons to be displayed.
    If you select Other, click Choose to specify a location.
    Note: Product icons do not work when you are using Linux.
  12. In the Summary pane, click Install.
  13. If you selected to enable SSO, a pane that is labeled as Important is displayed. Take note of the URL and information and click Next.
  14. Click DONE to complete the installation.

Results

The Remote Control server software is installed including a set of properties files. These files can be edited to configure your environment.
Note:
  1. It is important to make sure that the URL property in the trc.properties file contains the correct URL for the Remote Control server. This property is used when targets contact the server and for determining the server during a remote target installation. If the URL property value is not correct, the remote targets are not able to contact the server successfully. Therefore, you might have problems when you start remote control sessions with the targets.
  2. If the IP address of the server changes at any time, make sure that you update the URL property in trc.properties. Restart the server service because the targets try to contact to the old IP address until the change to the property is made.