Installation Guide
Version 2.4.11.0
1. Introduction
The Policy Server Installation and Configuration Guide provides information about the basic installation and setup of
Policy Server components.
Note: If any Policy Server customizations are required, please follow the customization-specific deployment
documents after Policy Server deployment.
Note:
1. It is recommended to keep all FileSecure components and other related installations (e.g. Java, Tomcat,
Policy Server, FIM, Lite Server, etc.) in a folder named Seclore. This folder should be placed on a non-OS
drive, e.g. D:/Seclore.
2. The "<POLICYSERVER_HOME>\config\reporting" folder requires extra disk space for storing reporting
index files. For every 1 million file activities, approximately 500MB of additional disk space is required.
2.2. Dependencies
The dependencies for the deployment of Policy Server are summarized in the table below:
Dependencies : Details
Database : Ensure that MS SQL or Oracle database is properly installed. The supported databases are
as follows:
    MS SQL 2005, MS SQL 2008, MS SQL 2012, MS SQL 2014.
    Oracle 9i, Oracle 10g, Oracle 11g, Oracle 12c.
    Note : For Multilingual Support with Oracle database
    Policy Server supports internationalization and localization of data. So, for multilingual
    support ensure that the database character-set AL32UTF8 is correctly selected during
    installation of Oracle Database.
Java : Ensure that JDK 1.8.0_66 is installed properly. If not, refer to the References/Java 8 Installation
Guide.pdf file for Java 8 installation guidelines.
Web Application Server : Ensure that Apache Tomcat 8.0.32 is installed properly. If not, refer to the
References/Tomcat 8 Installation Guide.pdf file for Tomcat 8 installation guidelines.
Seclore FileSecure Policy Server
Installation Guide
2.3. Prerequisites
Please ensure that the prerequisites below are met before beginning Policy Server deployment.
Note: Screenshots are for representational purposes only. Java and Tomcat versions must match those
mentioned in the steps.
2.5. Configure Java for Policy Server
2.5.1. Java Cryptography Extension (JCE)
Steps to configure Java to use the JCE:
1. Locate the JDK folder which is used by the Apache Tomcat server.
   a. Run Tomcat8w.exe from the <TOMCAT_HOME>/bin folder.
   b. Click on the Java tab and locate the JDK path in the Java Virtual Machine field.
Steps :
1. Run <TOMCAT_HOME>/bin/Tomcat8w.exe
2. Go to the Java tab.
3. Configure the above configurations in the 'Java Options' field.
Note:
The keyAlias value is the name of the alias you entered while creating the keystore entry.
The disableUploadTimeout is 'false' to allow uploading larger files through the Lite Server application.
Check that the port specified in the Connector tag below is not used by any other
application.
<Connector port="443"
protocol = "org.apache.coyote.http11.Http11NioProtocol"
keystoreFile="ABSOLUTE PATH OF THE KEY STORE FILE"
keyAlias = "NAME_OF_KEYSTORE_ALIAS"
keystorePass="PASSWORD"
redirectPort="-1"
disableUploadTimeout="false" connectionUploadTimeout="3600000"
acceptCount="100"
acceptorThreadCount="2"
scheme="https" secure="true"
SSLEnabled="true" clientAuth="false"
sslEnabledProtocols="SSLv2Hello,SSLv3,TLSv1,TLSv1.1,TLSv1.2"
URIEncoding="UTF-8" server="FileSecure Server"
ciphers = " TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,
TLS_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA">
</Connector>
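The Connector above sets both sslEnabledProtocols and ciphers; the following added example (not part of the Seclore guide) audits those two attributes for deprecated protocol values, 3DES, static-RSA and CBC suites. GUIDE_CONNECTOR carries the guide's TLS attributes only; HARDENED_CONNECTOR is a constructed alternative, and whether FileSecure clients interoperate with it is an assumption to verify. All function and constant names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Deprecated values: SSLv3 (RFC 7568), TLS 1.0/1.1 (RFC 8996);
# SSLv2Hello is the legacy SSLv2-format hello.
WEAK_PROTOCOLS = {"SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1"}

def _split(value):
    """Split a comma-separated attribute, tolerating spaces and line breaks."""
    return [item.strip() for item in (value or "").split(",") if item.strip()]

def audit_connector(xml_text):
    """Classify the TLS settings of one Tomcat <Connector> element."""
    conn = ET.fromstring(xml_text)
    report = {"weak_protocols": [], "3des": [], "static_rsa": [], "cbc": []}
    for proto in _split(conn.get("sslEnabledProtocols")):
        if proto in WEAK_PROTOCOLS:
            report["weak_protocols"].append(proto)
    for suite in _split(conn.get("ciphers")):
        if "_3DES_" in suite:                              # 64-bit block cipher
            report["3des"].append(suite)
        elif suite.startswith(("TLS_RSA_", "SSL_RSA_")):   # no forward secrecy
            report["static_rsa"].append(suite)
        elif "_CBC_" in suite:                             # non-AEAD mode
            report["cbc"].append(suite)
    return report

def is_clean(report):
    """True when no category contains a finding."""
    return not any(report.values())

# TLS attributes copied from the guide's Connector (other attributes omitted).
GUIDE_CONNECTOR = """<Connector port="443" SSLEnabled="true"
  sslEnabledProtocols="SSLv2Hello,SSLv3,TLSv1,TLSv1.1,TLSv1.2"
  ciphers=" TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
    TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA,
    TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,
    TLS_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA"/>"""

# Constructed alternative (assumption, not from the guide): TLS 1.2, ECDHE + AES-GCM.
HARDENED_CONNECTOR = """<Connector port="443" SSLEnabled="true"
  sslEnabledProtocols="TLSv1.2"
  ciphers="TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"/>"""

if __name__ == "__main__":
    for name, xml_text in (("guide", GUIDE_CONNECTOR), ("hardened", HARDENED_CONNECTOR)):
        for category, items in audit_connector(xml_text).items():
            print(name, category, len(items), items)
```

Before narrowing the protocol or cipher list on a live server, confirm that every FileSecure client and integration in the deployment negotiates one of the remaining suites.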
Add the configuration for Policy Server inside the <Host> tag.
Note : The docBase attribute should point to the Policy Server home folder, e.g. D:/Seclore/Policy Server.
<Context path="/policyserver"
docBase="ABSOLUTE PATH OF POLICYSERVER HOME FOLDER" >
<Valve className="org.apache.catalina.valves.RemoteIpValve"/>
<Valve className="org.apache.catalina.authenticator.NonLoginAuthenticator"
disableProxyCaching="true" securePagesWithPragma="false" />
<Resource name="jdbc/filesecure"
auth="Container"
type="javax.sql.DataSource"
driverClassName="com.microsoft.sqlserver.jdbc.SQLServerDriver"
url="jdbc:sqlserver://DBSERVERNAME:PORT;databaseName=DATABASENAME"
username="USERNAME"
password="PASSWORD"
maxWaitMillis="5000"
maxTotal="100"
removeAbandonedOnBorrow="true"
removeAbandonedTimeout="300"
logAbandoned="true"
testOnBorrow="true"
validationQuery="select GETDATE()"/>
<Manager className="org.apache.catalina.session.PersistentManager" saveOnRestart="false">
<Store className="org.apache.catalina.session.FileStore"/>
</Manager>
</Context>
Note : Refer to "How to configure Windows Integrated Authentication for MSSQL?" to enable Windows
Integrated Authentication for MSSQL Database Server.
For ORACLE Database Server
<Context path="/policyserver"
docBase="ABSOLUTE PATH OF POLICYSERVER HOME FOLDER" >
<Valve className="org.apache.catalina.valves.RemoteIpValve"/>
<Valve className="org.apache.catalina.authenticator.NonLoginAuthenticator"
disableProxyCaching="true" securePagesWithPragma="false" />
<Resource name="jdbc/filesecure"
auth="Container"
type="javax.sql.DataSource"
driverClassName="oracle.jdbc.driver.OracleDriver"
url="jdbc:oracle:thin:@DBSERVERNAME:PORT:HOSTSTRING"
username="USERNAME"
password="PASSWORD"
maxWaitMillis="5000"
maxTotal="100"
removeAbandonedOnBorrow="true"
removeAbandonedTimeout="300"
logAbandoned="true"
testOnBorrow="true"
validationQuery="select * from dual"/>
<Manager className="org.apache.catalina.session.PersistentManager" saveOnRestart="false">
<Store className="org.apache.catalina.session.FileStore"/>
</Manager>
</Context>
<POLICYSERVER_HOME>/config/PolicyServerConfig.xml
<ps-config>
<server>
<appname>/policyserver</appname>
<urls>
<url>https://irm.acmegroup.com:443</url> <!--Primary Policy Server URL-->
<url>https://foirm.acmegroup.com:443</url> <!--The fail over server URL-->
<url>https://drirm.acmegroup.com:443</url> <!--The disaster recovery server URL-->
</urls>
There is no limit on the number of URLs. The Desktop Client will try to connect to the Policy Server in the order in
which the URLs are specified.
</database>
Thales Hardware Security Module (Thales HSM) : To configure Thales HSM in Policy Server, refer to Policy
Server [Version]/Installation Docs/Supplements/Thales HSM Configuration Guide.txt
5. Adoption Stats
Policy Server will send monthly and midmonth adoption statistics to product.metrics@seclore.com on
the 1st and 16th of every month.
This feature is enabled by default. To disable Adoption Stats, refer to "How to configure Adoption Stats
feature in Policy Server?"
Note :
This feature requires a valid consent file to be present.
For Production deployment, Adoption Stats will not be sent if a valid consent file is not present.
For POC/Demo/UAT deployment, Adoption Stats will not be sent, irrespective of the consent.
DEBUG : Logs all the processing steps for any request to be served.
<POLICYSERVER_HOME>/logs/PolicyServer.log
log4j.category.REQUEST=debug, REQUEST
log4j.category.DEBUG=debug, DEBUG
log4j.category.SYNC=debug, SYNC
Note : tomcat and acmegroup.keystore are placeholders. Replace them with appropriate values before
executing the command.
keytool -genkey -alias tomcat -keyalg RSA -keysize 2048 -validity 36500 -sigalg SHA1WithRSA -keystore acmegroup.keystore
NOTE :
Note down the alias name and password. These details (alias name and password) will be required
while configuring the SSL key in the server.xml file.
For First and last name, enter the Fully Qualified Domain Name for the Policy Server Domain
(example: www.yourdomain.com). For a Wildcard Certificate this must begin with the * character
(example: *.yourdomain.com).
The keystore password and the key password for the alias must be the same for smooth
functioning of the Policy Server application.
At the end of this activity an acmegroup.keystore file will be created. The keystore file is created in the
directory the command prompt was pointing to when the keytool command was run. For example, in the sample screens
above, the keystore file is generated at D:/Seclore.
Note : This keystore file will later be referenced in the Tomcat server.xml configuration.
3. After receiving the certificates from the vendor, import them into the keystore
for Root Certificate
keytool -import -trustcacerts -alias root -file root.crt -keystore acmegroup.keystore
for Intermediate Certificate
keytool -import -trustcacerts -alias inter -file inter.crt -keystore acmegroup.keystore
for Domain Certificate
keytool -import -trustcacerts -alias tomcat -file mydomain.crt -keystore acmegroup.keystore
<request-access-right-config>
<!-- Global flag to support Request Access Right feature for this Policy Server
1 - Yes
0 - No -->
<is-supported>0</is-supported>
</request-access-right-config>
10. Other Documentation
Below is a list of the documents shipped, along with a brief description of their contents.
Location : Policy Server [Version]/Installation Docs/
Lite Server Installation Guide.txt : Describes steps for Lite Server installation.
Configuring SSO using WebSEAL Junction.txt : Guidelines on configuring SSO in Policy Server using the IBM Tivoli Access Manager WebSEAL SSO server.
Connecting to AD over SSL.txt : Explains how to import SSL Certificate in JVM for connection to Active Directory (over SSL).
Import self signed certificate in Java.txt : Explains how to import self signed certificate in Java Certificate Trust Store.
Tweaking Tomcat JVM Memory.txt : Explains how to configure JVM memory of the Tomcat.
Tomcat Valve configuration for resolving client IP addresses.pdf : Explains how to configure RemoteIPValve in different server environment setups.
Thales HSM Configuration Guide.txt : Explains how to configure Thales HSM in Policy Server.
Seclore License Portal User Manual.pdf : Explains how to generate a valid PolicyServer.consent file.
Outlook on the web Add-in Configuration Guide.pdf : Explains how to install and configure Outlook on the web Add-in in Policy Server.
Java 8 Installation Guide.pdf : Explains Java 8 installation steps for Policy Server.
Tomcat 8 Installation Guide.pdf : Explains Apache Tomcat 8 installation steps for Policy Server.