Installation checklist
Before you install the Operations Center, you must verify certain information, such as the installation credentials, and you must determine the input to provide to IBM® Installation Manager for the installation.
- Verify the host name for the computer where the Operations Center will be installed.
- Verify the installation credentials.
- Determine the Operations Center installation directory, if you do not want to accept the default path.
- Determine the IBM Installation Manager installation directory, if you do not want to accept the default path.
- Determine the port number to be used by the Operations Center web server, if you do not want to accept the default port number.
- Determine the password for secure communications.
- Determine whether secure communications must comply with the National Institute of Standards and Technology (NIST) Special Publications (SP) 800-131A recommendation.
Information | Details |
---|---|
Host name for the computer where the Operations Center will be installed | The host name must meet the following criteria:
|
Installation credentials | To install the Operations Center, you must
use the following user account:
|
Operations Center installation directory | The Operations Center is installed in the ui subdirectory of the installation directory. The
following path is the default path for the Operations Center installation
directory:
The installation directory path must meet the following
criteria:
|
IBM Installation Manager installation directory | The following path is the default path for
the IBM Installation Manager
installation directory:
|
Port number that is used by the Operations Center web server | The value for the secure (https) port number
must meet the following criteria:
If you do not specify a port number, the default value is 11090. Tip: If you later do
not remember the port number that you specified, refer to the following
file, where installation_dir represents
the directory where the Operations Center is installed:
The bootstrap.properties file contains the IBM Spectrum Protect™ server connection information. |
Password for secure communications | The Operations Center uses Hypertext Transfer Protocol Secure (HTTPS) to communicate with web browsers. When you install the IBM Spectrum Protect server and the Operations Center, the default configuration requires secure communication between the server and the Operations Center. To secure communication, you must add the Secure Sockets Layer (SSL) or Transport Layer Security (TLS) certificate of the hub server to the truststore file of the Operations Center. The truststore file of the Operations Center contains the certificate that the Operations Center uses for HTTPS communication with web browsers. During installation of the Operations Center, you create a password for the truststore file. When you set up SSL/TLS communication between the Operations Center and the hub server, you must use the same password to add the certificate of the hub server to the truststore file. The
password for the truststore file must meet the following criteria:
|
NIST SP800-131A compliance mode | When you install the Operations Center, you can specify
whether NIST SP800-131A compliance is required, and the level of compliance.
Before you install the Operations Center, determine
if you want strict SP800-131A compliance, transitional SP800-131A
compliance, or if you do not need to comply with the recommendation. If you enable SP800-131A compliance, stronger cryptographic keys and algorithms are used for HTTPS communication between the Operations Center and the web browsers. There are two compliance modes: transition and strict. Both modes enable the web server to secure HTTPS communication by using the Transport Layer Security (TLS) 1.2 protocol. In transition mode, however, TLS 1.0 or TLS 1.1 are allowed if the web browser is not enabled for TLS 1.2. In strict mode, full SP800-131A compliance is enforced, and the web browser must have TLS 1.2 enabled to run the Operations Center. If you do not enable SP800-131A compliance, HTTPS communication is secured by less-complex cryptography. However, processor usage and network latency might be reduced. Requirement: If you specify strict SP800-131A compliance, the web
browser must support TLS 1.2, and TLS 1.2 must be enabled.
Restrictions:
Remember: The SP800-131A compliance
option applies only to the Operations Center communication
with web browsers. To fully enable SP800-131A compliance, you must
configure IBM
Spectrum Protect components
in your environment individually. To secure communications between
the Operations Center and
the hub server, you can add the SSL certificate of the hub server
to the truststore file of the Operations Center. For SP800-131A
compliance, the cert256.arm certificate must
be the default certificate on the hub server, you must copy this certificate
to the truststore file of the Operations Center.
|