Installing ISII and i2 Analyze on the ICFM supplemental server

After you edit the properties file for the supplemental server, you must run the installation programs to add either InfoSphere Identity Insight, i2 Analyze Server, or both.

Before you begin

Complete instructions in Preparing to install the ICFM supplemental server.

Procedure

To install ISII and i2 Analyze on the ICFM supplemental server:

  1. Log into the ICFM server as user root (Data server if using a three-server topology).
  2. Change to the directory of the original ICFM base server installation; for example: cd icfm_install_dir/bin
    Note: You must install from the same directory as the original ICFM base installation because there is a dependency on accessing the original installation properties file.
  3. Run one or both of the following installation programs:
    • To install ISII, enter:
      ./cfm.x.isii.install.linux.sh –p opt_key_passphrase
      Where x is 1 for a single server installation and 3 for a three-server installation and opt_key_passphrase is the optional keystore passphrase. If a passphrase is provided, the installation program uses the specified passphrase to protect the keystore, which contains the keys that encrypt the passphrases in the CFM.x.properties file.
    • To install i2 Analyze, enter:
      ./cfm.x.i2.install.linux.sh –p opt_key_passphrase
      Where x is 1 for a single server installation and 3 for a three-server installation and opt_key_passphrase is the optional keystore passphrase. If a passphrase is provided, the installation program uses the specified passphrase to protect the keystore, which contains the keys that encrypt the passphrases in the CFM.x.properties file.

    Each of the installation scripts (ISII and i2 Analyze) merge the ICFM base installation properties with the supplemental server installation properties.

  4. During installation, the password manager resets the password of a user to the user name. When you first log in, the system prompts to reset the administrator password. It is recommended to change this password as soon as possible to minimize any security concerns or issues.
  5. Required: Enable TLS between IBM HTTP Server and i2 Analyze. To do so, follow general guidelines described in Configuring Secure Sockets Layer (version 4 release 1) connections for IBM i2 Analyze with the following adjustments:
    1. Create the i2_key.kdb file on the ICFM Core server in the following directory: 
      /opt/IBM/HTTPServer/cert/
    2. In Step 1 of the Configuring the IBM HTTP Server section, use the plugin-cfg.xml file located in the following directory: 
      /opt/IBM/WebSphere/Plugins/config/CoreWebServer/plugin-cfg.xml
    3. In Step 3, edit the plugin-cfg.xml file and navigate to the i2analyze_cluster section. Then add the <Transport> element in this section. For example:
      <ServerCluster CloneSeparatorChange="false" GetDWLMTable="false" IgnoreAffinityRequests="true" LoadBalance="Round Robin" Name="i2analyze_cluster" PostBufferSize="64" PostSizeLimit="-1" RemoveSpecialHeaders="true" RetryInterval="60">
<Server ConnectTimeout="0" ExtendedHandshake="false" MaxConnections="-1" Name="i2analyze" ServerIOTimeout="900" WaitForContinue="false"> 
<Transport Hostname="supplemental.company.com" Port="9081" Protocol="http"/> 
<Transport Hostname="supplemental.company.com" Port="9444" Protocol="https"> 
<Property Name="Keyring" Value="/opt/IBM/HTTPServer/cert/i2_key.kdb"/> 
<Property Name="Stashfile" Value="/opt/IBM/HTTPServer/cert/i2_key.sth"/> 
</Transport>