Caché Installation Guide - InterSystems Documentation

More documents

Recommendations

Info

Preparing for Caché Advanced Security 2. In the Caché Server Manager dialog for adding a new preferred server, choose Kerberos. The name populated in the Caché Service Name field should match the name in use. If there are multiple Caché instances on the server machine, you may need to edit the contents of this field. For detailed information on configuring remote server connections, see the “Connecting to Remote Servers” chapter of the Caché System Administration Guide. Names that are Any Unique String For a name that uses any unique string, the procedure is: 1. Choose a name for the service principal. 2. In the Caché Server Manager dialog for adding a new preferred server, choose Kerberos. Specify the selected name for the service principal in the Caché Service Name field. If you decide not to follow Kerberos conventions, a suggested naming convention for each account representing a Caché server instance is “cacheHOST” , which is the literal, cache, followed by the host computer name in uppercase. For example, if you are running a Caché server on a Windows machine called WINSRVR, name the domain account cacheWINSRVR. If you have multiple Caché server instances on one machine, since the service account name must be unique, you may want to follow the default Caché practice of naming instances and use this instance name in place of the cache literal. For example, if you install two Caché server instances on the WINSRVR machine and use the default instance names (cache and cache2), name the two service accounts cacheWINSRVR and cache2WINSRVR. For more information on configuring remote server connections, see the “Connecting to Remote Servers” chapter of the Caché System Administration Guide for the detailed procedure. D.1.5 Create Service Accounts for Non-Windows Caché Servers Before you install Caché in a Windows domain, the Windows domain administrator must create a service account for each Caché server on a non-Windows machine that uses the Windows domain controller. Create one service account for each machine, regardless of the number of Caché server instances on that machine. A suggested naming convention for these accounts is “cacheHOST,” which is the literal, cache, followed by the host computer name in uppercase. For example, if you run a Caché server on a non- Windows machine called UNIXSRVR, name the domain account cacheUNIXSRVR. For Caché servers on non-Windows platforms, this is the account that maps to the Kerberos service principal. When you create this account on the Windows domain controller, Caché requires that the account have the following characteristics: • Set the Password never expires property. • Set the Use DES encryption types for this account property 114 Caché Installation Guide
Preparing the Security Environment To set up a non-Windows Caché server in the Windows domain, it must have a keytab file from the Windows domain. A keytab file is a file containing the service name for the Caché server and its key. To accomplish this, map the Windows service account (cacheUNIXSRVR, in this example) to a service principal on the Caché server and extract the key from the account using the ktpass command-line tool on the domain controller; this is available as part of the Windows support tools from Microsoft. The command maps the account just set up to an account on the UNIX-based or OpenVMS machine; it also generates a key for the account. The command must specify the following parameters: Parameter -princ -mapuser -pass -crypto -out Description The principal name (in the form cache/@). The name of the account created (in the form cache). The password specified during account creation. The encryption type to use (use the default, DES-CBC-CRC, unless specified otherwise). The keytab file you generate to transfer to the Caché server machine and replace or merge with your existing keytab file. Important: The principal name on UNIX-based and OpenVMS platforms must take the form shown in the table with the literal cache as the first part. Once you have generated a key file, move it to a file on the Caché server with the key file characteristics described in the following section. D.1.6 Create Service Accounts for Non-Windows Caché Servers with a KDC In a non-Windows environment, you must create service principal accounts for all UNIX, Mac, or OpenVMS Caché servers using a UNIX, Mac, or OpenVMS KDC. Once you have an operational KDC, you need to add a service principal account for each Caché server. The service principal name is of the form cache/@. D.1.6.1 Key File Characteristics Once you have created this principal, extract its key to a key file on the Caché server with the following characteristics: • On Mac and most versions of UNIX, the pathname is install-dir/mgr/cache.keytab. On Tru64, the pathname is /krb5/v5srvtab; on SUSE Linux, it is /etc/krb5.keytab. Caché Installation Guide 115
Page 1 and 2:
Caché Installation Guide Version 2
Page 3 and 4:
Table of Contents About This Book .
Page 5 and 6:
5.1.2 Supported Platforms and Web S
Page 7:
List of Tables Components Installed
Page 10 and 11:
About This Book Default Caché Inst
Page 12 and 13:
Upgrading Caché You may upgrade di
Page 15 and 16:
2 Installing Caché on Microsoft Wi
Page 17 and 18:
If you are installing Caché from a
Page 19 and 20:
2. The DVD should autoload; if it d
Page 21 and 22:
Caché Installation Component Group
Page 23 and 24:
Caché Installation To perform a se
Page 25 and 26:
is part of a Windows cluster, you m
Page 27 and 28:
Caché Installation To perform a Ca
Page 29 and 30:
Post-installation Tasks 7. The Read
Page 31 and 32:
enable a previous Caché instance t
Page 33 and 34:
Special Considerations Locale optio
Page 35 and 36:
3 Installing Caché on OpenVMS This
Page 37 and 38:
Caché Installation 3.2.1 Transfer
Page 39 and 40:
Post-installation Tasks a. Owner of
Page 41 and 42:
1. Check if times in Caché and Ope
Page 43 and 44:
Special Considerations Note: This E
Page 45 and 46:
4 Installing Caché on UNIX and Lin
Page 47 and 48:
Caché Installation 4.2 Caché Inst
Page 49 and 50:
Caché Standard Installation DVD Mo
Page 51 and 52:
Caché Standard Installation The up
Page 53 and 54:
Caché Standard Installation CAUTIO
Page 55 and 56:
Caché Client Installation • Usin
Page 57 and 58:
Post-installation Tasks 4.6 Post-in
Page 59 and 60:
Special Considerations • Tru64 UN
Page 61 and 62:
Special Considerations Important: I
Page 63 and 64:
Special Considerations # ls -l /uni
Page 65:
Special Considerations zonecfg:test
Page 68 and 69:
Installing Caché on Mac 5.1.2 Supp
Page 70 and 71:
Installing Caché on Mac 8. For a c
Page 72 and 73: Installing Caché on Mac 3. Follow
Page 75 and 76: A Calculating System Parameters for
Page 77 and 78: A.2 OpenVMS Page Organization OpenV
Page 79 and 80: OpenVMS Physical Memory Allocation
Page 81 and 82: How Caché Uses OpenVMS Memory A.4
Page 83 and 84: A.5.1 Determine Parameter Calculato
Page 85 and 86: Alternatively, you may run the Open
Page 87 and 88: OpenVMS System Parameter Values Ana
Page 89 and 90: The is the name of the section you
Page 91 and 92: B Calculating System Parameters for
Page 93 and 94: By default, Caché automatically al
Page 95 and 96: ‡ The 1024 KB number is approxima
Page 97 and 98: The 2-GB value is the total address
Page 99 and 100: Kernel Parameter SEMMNI SEMMNS SEMM
Page 101 and 102: Configure UNIX Kernel Parameters
Page 103 and 104: Configure UNIX Kernel Parameters IB
Page 105 and 106: The following table lists the tunab
Page 107 and 108: ash$ ulimit -a core file size (bloc
Page 109 and 110: The ZFS Intent Log (ZIL) is used du
Page 111: Configure UNIX Kernel Parameters #s
Page 114 and 115: Using the Caché Installation Param
Page 120 and 121: Preparing for Caché Advanced Secur
show all

Caché Installation Guide - InterSystems Documentation

Create successful ePaper yourself

Delete template?

Save as template?