SungHoon_Kim

Creating an ALL-IN-ONE VM Image - Part 3

Blog Post created by SungHoon_Kim Employee on Oct 28, 2015

This is something I like to do once in a while. It takes a long time to set up everything, but to me it is a hobby. It is like putting together jigsaw puzzles.

 

WARNING: THIS IS NOT SUPPORTED! THIS IS ONLY TO FULFILL YOUR CURIOSITY AND SATISFY YOUR SPIRIT GOING AGAINST ALL ODDS. THIS IS NOT A DEMONSTRATION ALLOWING YOU TO RUN SUCH CONFIGURATION IN YOUR DEV/TEST/QA/PROD ENVIRONMENT.

 

The following components will be installed.

 

01. Install OS (Windows 2008 R2 - English)

02. Microsoft Loopback Adapter

03. Active Directory

04. DNS

05. IIS

06. Certificate Authority

07. MSSQL 2012

08. JDK 1.7.0_80 (32bit and 64bit)

09. NewAtlanta ServletExec 6.0

10. ASF Apache

11. CA Directory

12. Oracle Directory Server 11g

13. CA Single Sign-On Policy Server

14. CA Single Sign-On AdminUI

15. CA Single Sign-On Web Agent/Option Pack

16. CA Single Sign-On Secure Proxy Server

17. CABI 3.3

 

Some trivial steps are skipped such as installing the OS and promoting to a Domain Controller.

 

07. MSSQL 2012

 

Once you run the installer, you will be greeted with this window.

In the left pane, click on "Installation".

Now, in the right pane, click "New SQL Server stand-alone installation or add features to an existing installation".

Note the warnings.

1. It is not recommended to install SQL server on a domain controller

2. SQL Server ports need to be opened in the firewall, or just disable the firewall.

 

At Windows Firewall, select "Advanced settings".

Click on the "Inbound Rules"

Click on "New Rule" at the right pane.

Select "Port"

Enter "1433"

Select "Allow the connection"

You can select all network locations, but only the domain network is connected at the moment, so at minimum "Domain" needs to be selected.

Enter a name and click "Finish" to activate this rule.

 

You can also do the same via command-line.

netsh advfirewall firewall add rule name=SQLPort dir=in protocol=tcp action=allow localport=1433 remoteip=localsubnet profile=DOMAIN
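The wizard steps never ask for a remote address, so that rule accepts connections from any address, while the netsh command limits it to the local subnet and the Domain profile. The following is an added example, not part of the original post: it parses "netsh advfirewall firewall show rule name=SQLPort verbose" output and reports any enabled inbound allow rule for port 1433 that is broader than the netsh version. The function name Get-BroadSqlPortFindings is hypothetical, English netsh output is assumed, and the sample text is constructed and abridged.

```powershell
# Added example, not from the original post. Assumes English netsh output.
# Get-BroadSqlPortFindings is a hypothetical helper name, not a built-in cmdlet.
function Get-BroadSqlPortFindings {
    param([string[]]$Lines)
    # netsh prints "Field:   value" pairs; a "Rule Name" line starts a new rule.
    # Rule names are not unique, so a wizard rule and a netsh rule can coexist.
    $rules = @(); $current = $null
    foreach ($line in $Lines) {
        if ($line -match '^\s*([^:]+):\s*(.*)$') {
            $key = $matches[1].Trim(); $value = $matches[2].Trim()
            if ($key -eq 'Rule Name') { $current = @{}; $rules += $current }
            if ($current -ne $null) { $current[$key] = $value }
        }
    }
    $findings = @()
    foreach ($r in $rules) {
        # Only enabled inbound allow rules for exactly port 1433 are checked.
        if ($r['Enabled'] -ne 'Yes' -or $r['Direction'] -ne 'In' -or
            $r['Action'] -ne 'Allow' -or $r['LocalPort'] -ne '1433') { continue }
        if ($r['RemoteIP'] -eq 'Any') { $findings += "$($r['Rule Name']): RemoteIP is Any (the netsh command uses localsubnet)" }
        if ($r['Profiles'] -ne 'Domain') { $findings += "$($r['Rule Name']): Profiles '$($r['Profiles'])' is wider than Domain" }
    }
    return ,$findings
}

# Constructed, abridged sample: the first block is what the wizard steps produce
# with every profile ticked, the second is what the netsh command produces.
$sample = @'
Rule Name:                            SQLPort
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Profiles:                             Domain,Private,Public
RemoteIP:                             Any
LocalPort:                            1433
Action:                               Allow

Rule Name:                            SQLPort
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Profiles:                             Domain
RemoteIP:                             LocalSubnet
LocalPort:                            1433
Action:                               Allow
'@ -split "`r?`n"

Get-BroadSqlPortFindings $sample
# Live check: Get-BroadSqlPortFindings (netsh advfirewall firewall show rule name=SQLPort verbose)
```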

 

Going back to SQL Installation

Click Next.

You only need to select the following.

* Database Engine Services

* Management Tools - Complete

Select "Mixed Mode" and enter a password.

Also, click "Add Current User" to add the "SSO\Administrator" user, in case you forget the "sa" password.

SQL Server Installation is now complete.

From "Start" menu, click "SQL Server Management Studio".

Log on as the "sa" user with the previously specified password.

Now that you are logged on as "sa", it is your world.

 

 

08. JDK 1.7.0_80 (32bit and 64bit)

 

You don't actually need to *install* the 64bit JDK.

You can copy it from another machine where it is already installed.

This 64bit JDK will be used for ServletExec.

You can still use the 32bit JDK for ServletExec, but on Windows, when you install WA and WAOP on the same machine, they need to be the same bit level.

As I will be installing 64bit WA for IIS, 64bit WAOP will be installed as well.

NewAtlanta does not have the logic to look up the WOW64 registry, so if you only have the 32bit JDK, it will not recognize it.

If you do not plan to install the 64bit JDK, you will need to export the registry from WOW64 and modify/import it for the 64bit area.

Then NewAtlanta can be installed.

 

In this case, I will be installing 64bit (WAOP) and 32bit (PS) JDK.

Install both of them to the default installation folder.

 

 

09. NewAtlanta ServletExec 6.0

 

The NewAtlanta ServletExec installer binary can be found in the policy server binary zip file.

For example, "ps-12.52-sp1-cr02-win32.zip/thirdparty-tools/servlet-engine-6.0/win32/ServletExec_AS_60a.exe"

The serial number can be found in "ps-12.52-sp1-cr02-win32.zip/thirdparty-tools/servlet-engine-6.0/ServletExec AS 6 license key.txt"

This license is only for SiteMinder Password Services and SiteMinder Federation Web Services.

 

Please note that you cannot use special characters in the password.

 

It is installed in the following folder. (C:\Program Files\New Atlanta\ServletExec AS)

The instance that you created during installation is in "se-testmc1" folder.

The "se-testmc1" folder has the "StartServletExec.bat" and "StopServletExec.bat" scripts.

Those scripts set the environment variables locally, so if anything needs to be modified, you should take a look at the StartServletExec.bat file.

 

It is also registered as a service named "ServletExec-testmc1" and it is started up automatically after installation.

 

As ServletExec is a plugin to a Web Server, you need to access it via your web server URL.

http://www.sso.lab/servletexec/admin

Log on as the "admin" user.

When you log on for the first time, it will show that it is running in "Development Mode".

Click on the "License" at the left pane.

 

Now the ServletExec is running in Production mode.

 

One tip: "http://www.sso.lab/servlet/TestServlet" is a test page that dumps all the headers, which can be handy when you want to check which headers are set and which cookies are submitted.

This concludes Part 3 of ALL IN ONE Image.
