NOTE: The latest Linux distributions generally use Wayland protocol. In order to install DualShield in GUI mode for non-root user, you need to execute the following command before the installation.

xhost si:localuser:root

Execute the command below to start the installation:

./setupdualshieldxxx.bin

in which xxx is the version & build number.

 

Now, you are ready to start installing the DualShield Authentication Platform, and go through the following steps:

  1. Welcome
  2. Licensing Agreement
  3. Installation Path
  4. Select Components
  5. Server Configuration
  6. Components Registration
  7. JVM Configuration
  8. Database Encryption
  9. HSM Configuration
  10. Database Connection
  11. Configuration Summary
  12. Installing
  13. Perform External Processes
  14. Installation Complete

Step 1: Welcome

Step 2: Licensing Agreements

Step 3: Installation Path

Step 4: Select Components

The entire DualShield platform consists of several components:

-      Authentication Server

-      Management Console

-      Single Sign-On (SSO) Server

-      Self-Service Server

-      Provisioning Server

The core components are the Authentication Server and the Management Console, which should always be installed behind the inner firewall in your network. Other components such as the SSO Server, Self-Service Server and the Provisioning Server can be installed in your DMZ.

Select one of the following options:

-      All

To install the entire platform on one single server machine.

-      Back-end components

To install the core server components including the Authentication Server, the Management Console and the SSO Server (The Management Console always requires a SSO server)

-      Front-end components

To install components such as the SSO server, Self-Service and/or Provisioning Server. This option is typically used to install front-end servers in DMZ.

Step 5: Select Installation Packages

Step 6: Server Configuration

Server FQDN

You must provide a Fully Qualified Domain Name (FQDN) for the DualShield platform. This domain name will be used to access various servers and services provided by the DualShield platform, such as the Management Console, Single Sign-On server, Self-Service Console and Provisioning Service.

After the installation, you will need to add this FQDN in to your network DNS server so that the DualShield platform can be accessed from workstations and other servers in your network. Alternatively, you can add this FQDN in to the local HOSTS file in each of the workstations and servers where you need to access the DualShield platform.   

Use SSL to Access DualShield

If you check this option, then access to all of DualShield’s servers and services will be via HTTPS/SSL. Otherwise, the access will be via HTTP. If you are installing DualShield for evaluation purpose, you might leave this option unchecked. If you are installing DualShield for production, then it is recommended to use SSL for better security. Please note that regardless whether this option is checked or unchecked, the communication channels between DualShield servers and agents are always via HTTPS/SSL.

Certificate Path

If you check the “Use SSL to Access DualShield” option, then you need to provide a SSL server certificate for the DualShield platform. The domain name of the certificate should be issued to the “Server FQDN” that you entered above.

The certificate provided should be in the PFX format, containing the private key.

Step 6: Components Registration

 If you selected the “All” or “Back-end” option in Step 4, you will not see this step.

To the Authentication Server, other components such as the SSO server, Self-Service server and the Provisioning server, is an agent. If you selected the “Front-end” option in Step 4, you will need to register the agent(s) to be installed with the authentication server. Therefore, you must login to the Management Console and enable the Agent Auto Registration feature before proceeding to the next step.

To enable the Agent Auto Registration feature, login to the DualShield Management Console, navigate to “Authentication | Agents” and click “Auto Registration” on the toolbar. 



Once you have enabled the Agent Auto Registration feature in your DualShield server, back to the installation step you need to provide the Registration URL which is the address of your DualShield Authentication Sever in the form of a URL: 

HTTPS://FQDN:PORT

in which “FQDN” is the Fully-Qualified-Domain-Name of your DualShield back-end server, and “PORT” is the port number of the authentication service.

Step 7: JVM Configuration

This page is for optimising the Java Virtual Machine (JVM) performance.

JvmMx:

The maximum RAM space allocated to the JVM

JvmMs:

The minimum RAM space allocated to the JVM

MaxPermSize

MaxPermSize specifies the maximum size for the permanent generation heap, a heap that holds objects such as classes and methods.

Step 8: Database Encryption Configuration

If you are planning to use a Hardware Security Module (HSM) to encrypt the database, then select the option: Hardware Encryption.

Otherwise, select No Encryption or Software Encryption.

Step 9: HSM Configuration

This page is for configuring Hardware Security Module only. If you selected No Encryption or Software Encryption in the previous step, then you will not see this page.

Step 11: Database Connection 

On this page, you need to first select the type of the database engine and then provide the following settings:

ServerAddress          The address of the SQL server

ServerPort                The Port number of the SQL server

User Name                The login name of the access user

Password                  The password of the access user

Database Name        The name of the database to be created and used by the authentication server

You can click the “Fetch” button to retrieve a list of databases that are already present in the database server.

Step 12: Configuration Summary

The DualShield platform consists of the following servers and services:

  • Administration Service
  • Authentication Service
  • Provisioning Service
  • Management Console (Server)
  • SSO (Single Sign-On) Server
  • Self-Service Server

For the purpose of security and flexibility, those servers and services run on different ports. The installer has automatically selected port numbers for these servers and services for you. Please make a note of these ports as you might need to use some of them later when setting up authentication agents.

Step 13: Installing

This process unpacks and copies files to your machine.

Step 14: Perform External Processes

This process installs the database engine service and the DualShield authentication service.

Step 16: Installation Completed

  • No labels