IBM Security Privileged Identity Manager, Version 2.1.0

Setting up the virtual appliance

The appliance setup wizard runs the first time that you connect to the virtual console of an unconfigured virtual appliance.

Before you begin

Complete the virtual appliance installation. See Virtual appliance installation.

Important: During the installation, maintain the same date and time between the system where you installed the virtual appliance and the system where you installed the database.

About this task

Use the appliance setup wizard to manage host, port, or other configuration details, and then apply the changes to work with the virtual appliance.

This topic also provides the instructions on how to enable Federal Information Processing Standards (FIPS) feature on the virtual appliance.

Federal Information Processing Standards (FIPS) are guidelines that are set for software and hardware computer security products. Products that support FIPS standards can be set into a mode where the product uses only FIPS approved algorithms and methods.

Security toolkits typically support both FIPS approved and non-FIPS approved functions. In FIPS mode, the product is incapable of using any non-FIPS approved methods.

Before you enable the FIPS compliance on the virtual appliance, take note of the following limitations:
  • FIPS-compliant mode can be enabled only on new virtual appliance installations.
  • All virtual appliances in a cluster must have the same settings. For example, if FIPS is enabled in the cluster, all members of the cluster must also have FIPS enabled.
  • Virtual appliances that are operating in FIPS-compliant mode can only securely connect to FIPS-compliant systems.

Procedure

  1. Provide the following user credentials when the system restarts after the IBM Security Privileged Identity Manager virtual appliance installation:
    • Unconfigured login: admin
    • Password: admin
  2. On the setup wizard screen, press Enter.
  3. Choose a language, then read and accept the terms. 
    Software License Agreement
Currently selected language: English
1: Select language for license display
2: Read IBM terms
3: Read non-IBM terms
4: Proceeed to acceptance

Select option: 4


By choosing 'I agree,' you agree that (1) you have had the opportunity to 
review the terms of both the IBM and non-IBM licenses presented above and (2) 
such terms govern this transaction. If you do not agree, choose 'I do not 
agree'.
1: I agree
2: I do not agree

Select option: 1
  4. Optional: Select option 1 to enable FIPS.
    Important: FIPS cannot be disabled once it is enabled.
    FIP 140-2 Mode Configuration

You must enable FIPS mode in order to comply with FIPS 140-2 and NIST 800-131a.

If you select the enable FIPS mode, appliance will be rebooted immediately to
perform FIPS power-up integrity checks.
Do not choose to enable FIPS mode without reading the FIPS section in the user
guide.

If you choose to enable FIPS mode now, you cannot disable it later without
reinstalling the appliance.

FIPS 140-2 Mode is not enabled.
1: Enable FIPS 140-2 Mode
x: Exit
p: Previous screen
n: Next screen

Select option: 1




FIPS 140-2 Configuration
Enable FIPS 140-2 mode?
1: yes
2: no
Enter index: 1
You have selected to enable FIPS mode. The appliance will now reboot to perform
the FIPS integrity checks.
When appliance comes back up, you will need to login as admin useer to complete
the setup.
Enter 'YES' to confirm: YES
  5. Reboot the system.
  6. Once the system is rebooted, change the virtual appliance password and go to the next screen. 
    Appliance Password
Password changes are applied immediately.
Password has not been modified. 
1: Change password
x: Exit
p: Previous screen
n: Next screen


Change Password
Enter old password:
Enter new password:
Confirm new password:
Password changed successfully.


Appliance Password
Password changes are applied immediately.
Password has been modified.
1: Change password
x: Exit
p: Previous screen
n: Next screen

Select option: n
  7. Change the host name. You must use an FQDN host name.
    Change the Host Name
Enter the new host name (FQDN): ispimva.us.example.com

Host Name Configuration
Host name: ispimva.us.example.com
1: Change the host name
x: Exit
p: Previous screen
n: Next screen

Select option: n
    Note: The host name is identified in the SSL certificate that is issued for the virtual appliance. In a stand-alone setup, you must use the same host name value when you configure the target server connection for Privileged Access Agent on client workstations, Privileged Session Gateway, and App ID Toolkit.
  8. Configure network interface M1 with the IP address, subnet mask, and default gateway.
    Note: If necessary, consult your network administrator to obtain the correct network settings for your environment.
    Management Interface Settings
1: Display device settings
2: Display policy
3: Configure M.1
4: Configure M.2
x: Exit
p: Previous screen
n: Next screen

Select option: 3

Configure M.1
Select an IPv4 configuration mode:
1: Automatic
2: Manual
Enter index: 2
Enter the IPv4 address: 192.0.2.21
Enter the IPv4 subnet mask: 255.255.252.0
Enter the IPv4 default gateway: 192.0.2.12
Select an IPv6 configuration mode:
1: Automatic
2: Manual
Enter index: 1

Management Interface Settings
1: Display device settings
2: Display policy
3: Configure M.1
4: Configure M.2
x: Exit
p: Previous screen
n: Next screen

Select option: n
  9. Configure the DNS for the virtual appliance.
    Note: If necessary, consult your network administrator to obtain the correct DNS settings for your environment.
    DNS Configuration
No DNS servers configured.
1: Set DNS server 1
2: Set DNS server 2
3: Set DNS server 3
x: Exit
p: Previous screen
n: Next screen

Select option: 1

Set DNS Server 1
Enter the DNS Server IP address: 198.51.100.0


DNS Configuration
DNS server 1: 198.51.100.0
1: Set DNS server 1
2: Set DNS server 2
3: Set DNS server 3
x: Exit
p: Previous screen
n: Next screen

Select option: n
  10. Configure the time settings for the virtual appliance. 
    Time Configuration
Time configuration changes are applied immediately.
Time: 08:28:58
Date: 12/09/2015
Time Zone: Asia/Kolkata
1: Change the time
2: Change the date
3: Change the time zone
x: Exit
p: Previous screen
n: Next screen

Select option: n
1: Change the time
2: Change the date
3: Change the time zone
x: Exit
p: Previous screen
n: Next screen

Select option: n
  11. Review the summary of configuration details.
    Note: If necessary, record the details of the assigned IP address, DNS, and host name of the virtual appliance.
  12. Press 1 to accept the configuration.

Results

A message indicates that the policy changes are successfully applied, and the local management interface is restarted.

What to do next

Configure the virtual appliance. See Setting up a stand-alone or primary node for IBM Security Privileged Identity Manager.
Parent topic: Installation

Feedback