Rally Installation Guide - Rally Help - Rally Software

Rally On-Premise GuideRally Installation GuideRally On-Premise Release 2013.1E-mail: rallysupport@rallydev.comhttp://www.rallydev.comVersion 1© 2013 Rally Software Development Corp.

Rally ® Installation GuideFor On-Premise DeploymentOverviewRally’s popular subscription software for Agile Software Lifecycle Management may bedeployed, as an option, on your own company premises. In this case, Rally is installed onyour own server within your company’s IT infrastructure.Rally uses VMware ® software to create a self-contained environment that includes its ownvirtual hardware, operating system, application servers, application software, and databasemanagement system. Once installed, Rally is accessible via your local intranet or VirtualPrivate Network.Server RequirementsOn-Premise base requirements:• VMWare platform with 64-bit support. This includes ESX 3.5.x and ESX 4.0 (vSphere).• 64-bit capable processors with hardware virtualization (Intel ® VT-d, AMD AMD-V)• Complete checklist for 64-bit guest support:http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1003945• At least 6.0 GB of RAM for Rally’s use (or at least 6 GB RAM for a server dedicated toRally). Rally Software recommends 8 to 12 GB of RAM for improved performance forsubscriptions that may serve a higher volume of requests.• 150 GB of disk space for Rally’s VMware image• A DVD-ROM drive or network access to a server with a DVD-ROM drive (If youreceived the VMware image on a DVD disk).

Rally On-Premise Guide4. Configure your Network Information.Upon first boot, various steps will be needed to configure the system. For thefollowing instructions, work from the VMware Client console.a. You will be prompted with the screen belowb. Select ‘Edit Devices’c. Select eth0 (eth0) to edit6 © 2013 Rally Software Development Corp.

Rally On-Premise Guided. Enter a static IP address or leave as DHCP.If you assign a static IP address, the Name and Device field should beconfigured as eth0. (This does not refer to the VM machine hostname).If you use DHCP and have a DHCP-enabled DNS server, the virtual imagewill register itself as rallyonprem in DNS.e. Click OK and you will be returned to the Network Interface screen.f. If you would like to Configure Domain Name Service for your domains you canselect to Edit the DNS configuration.g. *IMPORTANT: *DO NOT* change the internal Hostname. Changing this willprevent the Rally Application from starting (the Hostname shows up as“rallyonprem-oraclese.f4tech.com”. You may only be able to see“ese.f4tech.com” on the screen).Configure Domain Name Service (DNS) on your primary and secondary DomainName Servers if you wish to use domain name references (rather than static IPaddresses) to use Rally. Follow your company guidelines to configure DNS toaccess the Rally Control Panel and the Rally software application (if you don’t doit here, you may configure the DNS servers via the Rally control panel at a latertime)© 2013 Rally Software Development Corp. 7

Rally On-Premise GuideWait about 5 minutes for the server to complete the booting processOnce the booting process is completed you will be presented with the URL informationto login to the Rally On-Premise Control Panel and the Rally ALM application.8 © 2013 Rally Software Development Corp.

5. Launch the Rally Control Panel from your Internet browser.Rally On-Premise Guidea. By default, Rally expects a secure http connection to the console. (To changethis, see the Web Server Settings section of this document.)If you configured a static IP address in Step 4, go to the URL:https:///controlpanel/Otherwise go to the domain that you have configured for Rally:https:///controlpanel/b. The first time you access Rally using https, you may receive an invalid SSLcertificate message from your browser. The Rally On-Premise solution isshipped with a self-signed SSL certificate. To update this certificate to yourown, please see the SSL Certificate section of this document.© 2013 Rally Software Development Corp. 9

Rally On-Premise GuideRally Control PanelUse the Rally Control Panel to manage these administrative tasks:• Change your password• Backup and restore Rally data• Restart the Rally application• Restart the server• Activate licensing for your subscription• View subscription details• Export log files• Administer server settings• View Server information and diagnostic tools• Upgrade Rally application software10 © 2013 Rally Software Development Corp.

Rally On-Premise GuideChange Your PasswordIt is advised that on a regular basis you change your password for access to the Control Panel.To change your password:1. Click the Change Your Password link that is located at the top right portion of the ControlPanel screen.2. Type your new password into the New Password field.3. Retype your new password into the Retype Password field.4. Save your changes by clicking Reset Your Password.© 2013 Rally Software Development Corp. 11

Rally On-Premise GuideBack Up/RestoreThe Back Up/Restore features help you to manage snapshots of your Rally data. Three optionsare available: Back Up, Restore and Schedule. To access these features, click Back Up/Restoreon the Feature Menu.Back UpThe Back Up feature enables you to back up a snapshot of your Rally data to an alternatelocation. By default, the Back Up tab is activated when you click the Back Up/Restore feature.12 © 2013 Rally Software Development Corp.

Rally On-Premise GuideTo back up your Rally application data:1. Click Back Up/Restore on the Feature Menu.2. Enter the User Name for the account on your FTP or SFTP server where you willsave your data.3. Enter the associated Password.4. Enter the URL for the directory or folder where you will save your backup data.e.g., sftp://www.backupserver.com/backupdirectory/(Rally suggests you create a directory or folder to hold only Rally Backup files.)Rally automatically creates the file name for your backup data and stores the file inthe directory that you indicate in the path. e.g.:2011.10.22-2-2011-10-28-11-21-54.tgz5. Click Send.Upon completion, you will see the message:Your Backup completed successfully.© 2013 Rally Software Development Corp. 13

Rally On-Premise GuideRestoreYou may restore any Rally backup file from your storage location to your Rally application.To restore your Rally application data:1. Click Back Up/Restore on the Feature Menu.2. Click the Restore tab.3. Select the FTP or SFTP option to indicate the File Transfer Protocol of your choice.4. Enter the User Name for the account on your FTP or SFTP server from where youwill retrieve your data.5. Enter the associated Password.6. To restore data from a server located in your private network, enter the Hostserver name and click Browse FTP. The FTP Browse window is populated withavailable directories/folders/files. (FTP Browse is not available when using SFTP.)7. Locate and click the file name to restore. The remaining fields (Remote URL andRemote File) are automatically populated with the related information based onyour selection.8. Click Send.9. Upon completion of the Restore, the resulting log will display the followingmessage: Your Restore completed successfully.14 © 2013 Rally Software Development Corp.

Rally On-Premise GuideScheduleYou can schedule your Backup to run automatically at a time you specify, localized to youroffice, Rally Server Instance, location.To schedule a backup of your Rally application data:1. Click Back Up/Restore on the Feature Menu.2. Click the Schedule tab.3. Select from the “Timezone” dropdown list to select a location closest to youroffice, Rally Server Instance, location4. Select the Daily or Weekly Backup frequency option in the How Often section.Continue to configure your schedule by selecting values from the related dropdown lists to set the time and the day of the Backup.5. Enter the Username for your FTP or SFTP server.6. Enter the Password for your FTP or SFTP server.7. Enter the URL path to the storage folder that you choose. (Note the exampleformat).© 2013 Rally Software Development Corp. 15

Rally On-Premise Guide8. Click Send. A confirmation message returns informing you of the successfulschedule. For example:Daily backup has been scheduled for hour 12 AM on host:ftp://atlantis9. Click the Schedule tab again. The Backup Status dialog box on the right of thedisplay now lists the scheduled backup.10. Click the Delete this Scheduled Backup link at any time to delete the scheduledbackup.16 © 2013 Rally Software Development Corp.

Rally On-Premise GuideRally ServicesRestart or Stop the Rally Application Service and manage the Search Service for your On-Premise installation using the Rally Services link on the Feature Menu.Rally Service (Rally Application)Rally suggests all application users be logged out during a restart of the Rally ApplicationService to avoid any conflicts.To restart the Rally Application:1. Click Rally Services on the Feature Menu.2. Click the Restart button.Your Rally Application is restarted and a brief log of actions is displayed in thedialog box.3. Before logging in again, please wait 5 minutes to allow enough time for the RallyApplication to restart all processes.To Stop the Rally Application:1. Click Rally Services on the Feature Menu.2. Click the Stop button.The Rally Application is shutdown and a brief log of actions is displayed in thedialog box.3. Once the Rally Application is stopped it can be restarted by clicking on the Restartbutton.© 2013 Rally Software Development Corp. 17

Rally On-Premise GuideSearch ServiceThe Search Service tab allows for disabling/enabling the Search Service in Rally. By defaultthe Search Service is enabled in Rally and searches in Rally are performed using the searchservice.To disable the Search Service, click on the “Disable” button. The search feature in Rally willbe reverted to the default search process and the Search Service process will be shutdown.The Search Service provides a process that is scheduled to run once per week to optimize theSearch Service index. This process will remove outdated files to keep the index size as smallas possible. However, should you need to run the Search Index Optimization; you may do soby clicking on the “Search Index Optimization” button.If an issue arises with the “Search Service Index”, the existing Index can be deleted and recreatedby clicking on the “Create Search Index” button.In general the Search Service should not need further management or intervention.18 © 2013 Rally Software Development Corp.

Restart ServerRally On-Premise GuideThe Restart Server feature provides the ability to restart the virtual server and the guestoperating system where the Rally Application is installed. Rally suggests all application usersbe logged out during a restart to avoid any conflicts.To restart the Rally virtual server:1. Click Restart Server on the Feature Menu.2. A confirmation message is displayed. Click OK to continue with the server restart.3. Your Rally Virtual Machine is restarted and the restart status will be visible via theVMware Console for the Rally Virtual Machine.4. Wait 5 minutes and log into the server.© 2013 Rally Software Development Corp. 19

Rally On-Premise GuideLicensingAfter successful installation of the Rally application, import your license file into Rally toactivate you subscription and make it accessible to Rally Users. The .asc file issent to you in an email from Rally. It is recommended you save this file to a secure locationon your local system.To import your.asc file:1. Click Licensing on the Feature Menu.2. Add your license key by browsing to your .asc file. Select the file andclick Open. The path to your file is stored in the Browse … box.3. Click Upload to import your license file.4. After successful import, a confirmation message is displayed:License successfully imported.5. Restart the Rally Application to apply the license to your installation.6. Subscription details contained within your license file are available fromSubscription List on the Feature Menu.20 © 2013 Rally Software Development Corp.

Rally On-Premise GuideSubscription ListThe Subscription List provides the details about your Rally Subscription that are containedwithin your license file. Use this option to help manage your users and determine anymodules that are appended to your installation.To review your Subscription details:1. Click Subscription List on the Feature Menu.2. The resulting display contains details of your Rally subscription.• Subscription_Id – Each subscription contains a minimum of two lines. Thefirst line reflects the Administrators account automatically created by Rally.The second line reflects details regarding the Users/Licenses purchasedfrom Rally. Each account is given an internal Rally ID which is reported inthis column.• Max_Users – This column displays the number of User licenses purchasedfrom Rally.• Expiration – The date of expiration of your Rally Licenses.• Name – The name of your Rally Subscription.• State – This column displays the status of your subscription such as Activeor Inactive.• Is_ XXX_Enabled – This column displays a binary value that indicateswhether or not your subscription is enabled for any specific Rally add-onssuch as Web Services, Defect Management and Quality Manager.© 2013 Rally Software Development Corp. 21

Rally On-Premise GuideLog FilesRally captures a log of server events in text files. These files may be used for diagnosticpurposes in attempting to troubleshoot problems that may occur with your Rally installation.Log files are compressed into a single .zip file.To access your Log files:1. Click Log Files on the Feature Menu.2. A new window opens and presents a File Download dialog box. Select the .zip file.3. You may review your log files at any time by clicking Open.4. Click Save to save your .zip file to a location that can be accessed outside of theRally Control Panel.5. If necessary, email the .zip file to Rally Technical Support for assistance withdiagnosis and troubleshooting.22 © 2013 Rally Software Development Corp.

Rally On-Premise GuideServer SettingsUse Server Settings from the Feature Menu to configure DNS, Mail and Web Serverinformation. This information is used with Rally for access of Backup/Restore files and emailnotifications within the application. Rally suggests configuring DNS settings prior to enablingMail Server and Backup/Restore settings from the Feature Menu.You may also configure Network Time Protocol (NTP) synchronization servers using theServer Settings option.Network SettingsYou can configure your own DNS settings for your installation using the Network Settings tab.To enter your DNS Settings:1. Click Server Settings on the Feature Menu.2. Enter the Domain name of your Server in the Search Domain field.3. Enter the Primary DNS Server Address in the DNS Server 1 field.4. Enter the Secondary DNS Server Address, if applicable, in the DNS Server 2 field.© 2013 Rally Software Development Corp. 23

Rally On-Premise Guide5. Click Update to save your settings.6. Verify that the correct data is reflected in the Current DNS Settings section in thelower left portion of the page.Reset Network ConfigurationClicking on the “Reset the Network Interface” link will reset the Rally VirtualMachine so that the Network Configuration Interface prompt will be shown at thenext reboot of the Virtual Machine and Guest Operating System to allow forchanging the IP address of the Rally Application or setting up DHCP.24 © 2013 Rally Software Development Corp.

Rally On-Premise GuideMail Server SettingsMail Server settings are configured as part of the Server Settings feature.To use the email-dependent features of Rally, you must configure the address information foryour Mail Server in the Mail Server Hostname section of the Mail Settings tab. If you have apolicy that denies relaying of email, then enter your desired domain information in theOutgoing Email Domain area of the Mail Settings tab.To enter Mail Server settings:1. Click Server Settings on the Feature Menu.2. Enter your mail server host address in the Mail Host Address field.3. Click Update to save your mail server host address.4. After a successful update, your Mail Host Address is listed at the bottom of thepage in the Current Host field.5. You can delete your Current Host at any time by clicking the last line on the page:Click Here to delete this Host. The message Host Deleted appears in the Current© 2013 Rally Software Development Corp. 25

Rally On-Premise GuideHost field.6. To avoid Relaying Denied errors, masquerade your domain name by entering youremail domain name in the Email Domain field.7. Click Update to save your email domain name.8. After a successful update, your Email Domain Name is listed at the bottom of thepage in the Current Domain field.9. You can delete your Current Domain at any time by clicking the last line on thepage: Click Here to delete this Domain. The message Domain Deleted appears inthe Current Domain field.26 © 2013 Rally Software Development Corp.

Rally On-Premise GuideWeb Server SettingsRally uses secure HTTP to access your software after a typical installation. Although notrecommended, it is possible to override this setting and configure your installation of Rally touse a non-secure HTTP format using the Web Server Settings tab.To enable Non-Secure HTTP Access for your Web Server:1. Click Server Settings on the Feature Menu.2. Click the Enable option.3. Click Update to save your changes.4. A confirmation message stating Your Changes have been Saved is displayed in apop up window. Click OK to exit the window.© 2013 Rally Software Development Corp. 27

Rally On-Premise GuideNetwork Time SettingsThe Network Time Protocol (NTP) is a commonly used protocol for synchronizing computersystem clocks over data networks. NTP servers provide the synchronization point ofreference.To enter Network Time Settings:1. Click Server Settings on the Feature Menu.2. Click the Network Time Settings tab.3. Enter your primary NTP server hostname or IP address in the NTP Server 1 field.4. Enter your secondary (backup) NTP server hostname or IP address in the NTPServer 2 field.5. Click Update to save your NTP Server settings.6. After a successful update, your NTP Server Settings are listed at the bottom of thepage under the Current Time Servers heading.7. You may delete your NTP Server Settings at any time by clicking the last line onthe page: Click here to clear NTP servers.28 © 2013 Rally Software Development Corp.

Rally On-Premise GuideLDAP SettingsIf you have the Rally LDAP Module enabled on your Rally Subscription this page provides thesetup interface to enter information specific to your Rally Subscription and LDAPenvironment. For full information about setting up the Rally On-Premise LDAP Module, pleasesee the “Enabling the Rally On-Premise LDAP Module” section at the end of this guide.Description of each user-input field:LDAP Hostname: Requires the fully qualified Host name of the LDAP server.Port: The port number the LDAP server is listening on, typically “389”.Enable LDAP over SSL: Checking this box will allow your Rally application to connect to theLDAP server using SSL. The Port number may need to be updated as well if using SSL. For© 2013 Rally Software Development Corp. 29

Rally On-Premise Guidefurther information about importing a certificate to the Rally On-Premise server to be able touse LDAP over SSL, please see the “Java Keystore” section of this document.Select LDAP Vendor: This dropdown box allows you to select the vendor of your LDAPserver. The available options are Active Directory, Oracle Internet Directory (10g or 11g),and Oracle Directory Server 11g.Bind Username DN: The Bind Username field is used for authenticating to the LDAP server;this field needs the fully qualified name.Example: CN=LdapReadonly,CN=Users,DC=rallydev,DC=comBind DN Password: Password for the bind userLDAP Tree Base DN: This field is the Top Level Tree node of the LDAP Directory where yourusers/groups are located.Example: CN=Users,DC=rallydev,DC=comUser Name Attribute: The username attribute is the attribute that lives on the LDAP server,which should be a globally unique identifier within the directory. Once users are populatedthey will use the value of this attribute as their login name.Example: sAMAccountnameLDAP Group ManagementNote: Group Management is not required if you choose authentication with username andpassword only.Require membership in an LDAP group: This checkbox is selected by default. Uncheckingthe box confirms that users will be logged in via authentication only. If you disable the groupmembership option, the LDAP user syncing service will no longer be available. Usersauthenticating with Rally will no longer be required to have membership in a specific LDAPgroup.Group Name: The group on your LDAP server which contains the users you would like toallow access to Rally.Example: CN=RallyGroup,CN=Users,DC=rallydev,DC=comGroup Attribute: The Group Attribute for your LDAP Server. Generally, memberOf is usedwith Active Directory and isMemberOf, member, or uniqueMember is used with Oracleproducts. You will need to check with your LDAP Administrator to determine which one is inuse in your environment.LDAP SynchronizationNote: LDAP synchronization requires LDAP Group Management.Enable LDAP Synchronization Service: Enabling this feature will schedule a sync of anynewly added users from the LDAP Rally Group to the Rally Application. This sync isscheduled to occur every 15 minutes.30 © 2013 Rally Software Development Corp.

Rally On-Premise GuideRun LDAP Synchronization Immediately after “Save Settings”: Checking this box willforce a sync to run right after saving your LDAP settings.Rally Username: The Rally Subscription Administrator or Workspace Administrator accountthat will be used to create new users in the Rally subscription.Rally User Password: Password for the Rally Subscription Administrator or WorkspaceAdministrator.Save Settings & Restart Rally: Saves the Rally On-Premise LDAP Module settings and theRally Application is restarted automatically to enable LDAP Authentication within Rally.Test Connection: Once the LDAP Hostname, Port, Vendor, Bind Username DN, Bind DNPassword, and Group Name have been entered, you may use the ’Test Connection’ button totest the LDAP connection from the Rally Server. The test will first try to bind to the LDAPServer then attempt to search for the Group Name on the LDAP Server.Disable LDAP & Restart Rally: Deletes the LDAP Authentication settings on the RallyServer and the Rally Application is restarted to disable LDAP Authentication and enable theRally Application Authentication.© 2013 Rally Software Development Corp. 31

Rally On-Premise GuideRally LDAP User ReportOnce the Rally On-Premise Module is set up and enabled, the LDAP User Report is availableto show the current provision status of users in your Rally Subscription and the LDAPdirectory.Running the report will provide a text file with a listing of Users and if they are provisioned inRally, LDAP or both. The file also provides instructions on reconciling the Users between theRally Subscription and LDAP.32 © 2013 Rally Software Development Corp.

Rally On-Premise GuideSSL CertificateYour Secure Sockets Layer (SSL) certificate enables encryption of sensitive information thatis transmitted between the browser and the server during online transactions. Your SSLcertificate is also used to identify you as the registered owner of the domain that isreferenced in the transaction.You will need the certificate file, key file and if a chained SSL certificate is used, the SSLCertificate Bundle file. Customers who install Rally on premises have the option to generatetheir own certificate, purchase a certificate from a third party vendor, or use the Rallycertificate that is installed by default.If the domain owner of the URL does not match the owner of the SSL certificate, you may seean error from your browser warning you of the mismatch. Access to the Rally Web ServicesAPI may also be hindered if the domain owner of the URL does not match the owner of theSSL certificate.If your users are comfortable with understanding why the mismatch exists, you may clickthrough the error window and continue with your application experience. If you wish to avoidreceiving the error, then you will have to generate a certificate for your company domain andinstall it using the SSL Certificate tab in the Server Settings area of the Rally administrationconsole:© 2013 Rally Software Development Corp. 33

Rally On-Premise GuideInstall an SSL Certificate:1. Generate or purchase your certificate (this should be a single root or unchainedcertificate) and copy your certificate (.cert) and key (.key) files to the Rally server.Copy them to a convenient place where you may easily access them forinstallation. A “how-to” section on creating the files needed is available at the endof this section.IMPORTANT: Do not create a password for your key file.If you create a password for your key file, the Apache web server will try to promptyou for the password, and you will be unable to supply it via the console interface.2. Click Server Settings on the Feature Menu.3. Click the SSL Certificate tab.4. Click the Choose File button next to the SSL Certificate indicator to locate your SSLcertificate (.cert) file.5. Click the Choose File button next to the SSL Key indicator to locate your SSL key(.key) file.6. If your SSL Certificate is a chained certificate, click the Chain Certificate File checkbox. Click the Choose File button next to the SSL Certificate Bundle indicator tolocate your SSL Certificate Bundle file.7. Click the Upload button to upload and install your certificate and key files.8. Restart the server. (See the Restart Server section of this guide.)34 © 2013 Rally Software Development Corp.

Rally On-Premise GuideRestore Default SSL Certificate:If you would like to return to the default SSL certificate:1. Click Server Settings on the Feature Menu.2. Click the SSL Certificate tab.3. Click the Restore Default Certificates link at the bottom left of the SSL Certificatepage.© 2013 Rally Software Development Corp. 35

Rally On-Premise GuideCreating SSL Certificate for Rally On-Premisefrom a third party vendor:**This how-to assumes the openssl command is available on the system used tocreate the private keys You don't need to be on the Rally machine to do this, but thesteps below were created using a Linux machine. The steps may be different using aWindows machine with OpenSSL.**1. Generate a private keyopenssl genrsa -des3 -out www.mydomain.com.key 10242. Generate a Certificate Signing Request (this certificate will be used to generate ourssl certificate on the third parties site.)openssl req -new -key www.mydomain.com.key –out www.mydomain.com.csr3. Remove Passphrase from Keycp www.mydomain.com.key www.mydomain.com.key.orgopenssl rsa -in www.mydomain.com.key.org -out www.mydomain.com.key4. Submit your request to your third party vendor. The SSL certificate that isobtained should be a single root or unchained certificate.5. After submitting your CSR to a third party vendor they will send you a crt file. Thisfile will used in combination with the key we generated in step 1, to upload to ourOn-Premise image.6. Use the crt file the vendor sends you in combination with the key file yougenerated to upload to your On-Premise Image.36 © 2013 Rally Software Development Corp.

Rally On-Premise GuideJava KeystoreThe Rally On-premise LDAP solution supports the ability to connect to an LDAP server over anSSL connection. Before the server can connect securely, the certificate of this server willneed to be imported into the Java keystore located on the Rally On-Premise instance. To getstarted, locate the SSL certificate used by your LDAP server and copy it to a machine thathas access to the “Rally On-Premise Control Panel”. Once this is complete follow theinstructions below.Adding Public Keys1. Navigate to the “Keystore” page on the Rally Control Panel under “Server Settings” =>“Java Keystore”.2. Click the “Browse” button and select the certificate file from the LDAP server, then clickUpload.3. Once the upload has completed, the Rally Application will need to be restarted before thecertificate can be used for LDAP Authentication.Viewing Content of a KeyAfter a user has uploaded a key, the user can click on the “View Contents” link and verify thatthe correct key has been uploaded.Deleting a KeyIf a user decides a key is not needed anymore for Authentication, or by mistake uploaded anincorrect key, the user can click on the “Delete” link. After deleting the key the user needs torestart the Rally Application for the key to be deleted from the application server cache.© 2013 Rally Software Development Corp. 37

Rally On-Premise GuideServer DiagnosticsCurrent Server StatusThe Current Server Status page provides a snap-shot of the Rally On-Premise machine. Thepage provides the current disk usage, current memory usage and the usage of the databaseon the system. You may download the database usage output if needed to send to RallySupport.38 © 2013 Rally Software Development Corp.

Rally On-Premise GuideSearch Service StatusIf the Search Service has been enabled the Search Service status will be displayed at thebottom of the Current Server Status page. This section displays current settings, the indexdirectory size, next and last scheduled index optimizations and a link to download the SearchService logs should the need arise to review them or send them to Rally Support.© 2013 Rally Software Development Corp. 39

Rally On-Premise GuideNetwork SettingsThe Network Settings tab provides a listing of the current network settings on the Rally On-Premise machine.40 © 2013 Rally Software Development Corp.

Rally On-Premise GuidePingThe Ping tab provides the Ping utility for network troubleshooting purposes.Enter a computer name or IP address for a host you are trying to reach. Select the numberof times to run the Ping command and then Click the Ping button. If you have selected morethan one as the number of times to run the Ping command, the output may be delayed as itwaits for the Ping command to complete before displaying the output.© 2013 Rally Software Development Corp. 41

Rally On-Premise GuideTCP/IPThe TCP/IP tab provides access to the netcat utility (similar to telnet) to assist with networktroubleshooting.Enter a fully qualified computer name or IP address for a host you are trying to reach and aport number and then click the Connect button. The utility will attempt to connect to thedestination and will provide the result message in the TCP/IP output box. It may take a fewseconds for the results to show in the output box.42 © 2013 Rally Software Development Corp.

Rally On-Premise GuideEmail TestThe Email Test page provides the current status of Sendmail on the Rally On-Premise server,the current size of the Sendmail queue, and a way to test sending an email.To send a test email, enter the to and from addresses in the provided fields and then click onthe Test Email button. A test email will be sent from the Rally server. The Sendmail log filewill appear in the Email Test section of the form. It may take 3 seconds or so for the log toappear as the page will search the Sendmail log file for the recipient of the email and today’sdate to display the status of the test email.© 2013 Rally Software Development Corp. 43

Rally On-Premise GuideUpgrade RallyRally releases updated software builds approximately quarterly during the year. Informationabout the releases and other important news can be accessed by subscribing to the Rally On-Premise Blog at, http://www.rallydev.com/onpremblog/. You may deploy each release atyour convenience. Rally Technical Support will provide support for the currently releasedbuild of the Rally application.Bring up a new Rally VMware Machine. Most upgrades need to be done inthis fashion due to changes to the Rally VMware image:Bring up new version in parallel with old version (Recommended)1. Follow the instructions starting on page 5 of this guide to install the new version ofRally on your VMware server.2. When asked for the IP address, enter a new IP for this new instance.3. Follow the instructions to configure the Rally application and also import the license keyper page 19.4. Restart the new Rally Application so changes will take effect.5. Follow the instructions starting on page 13 to backup (Export) the old instance of Rallyfrom the old instance Control Panel.6. From the Control Panel of the new instance, Import (Restore) the file you exportedabove into the new version of Rally, instructions start on page 14.7. You may then verify all is working as expected with the new instance.8. Be sure to schedule the backups and configure the email (page 16 and page 24).9. Update your DNS settings (or advise users of the new IP) to point to the new IP addressbeing used by the new instance of Rally10. Shut down the old instance on the VMware server.Shutdown old version then bring up new version1. Follow the instructions starting on page 13 of the installation guide to backup (Export)the old instance of Rally.2. Shutdown the old instance of Rally3. Follow the instructions starting on page 5 of the installation guide to install the newversion of Rally on your VMware server.4. When asked for the IP address, use the same IP as the old instance of Rally or setupthe new IP information.44 © 2013 Rally Software Development Corp.

Rally On-Premise Guide5. Follow the instructions to configure the Rally app and also import the license key. Thelicense key will be a new one that has been sent or, if still valid, the previous licensecan be imported.6. Import (Restore) the file you exported in step 1 into the new version of Rally,instructions start on page 14.7. Confirm that the new instance is working and looks correct.Perform an upgrade via the Upgrade Rally link in the Control Panel:Note: Upgrading Rally from the Control Panel can only be performed in certaincircumstances. Use the steps below only if you have been told by Rally to use thisupgrade approach. Otherwise, follow the steps for upgrading listed above.1. Click Upgrade Rally on the Feature Menu. Note that the currently installed build of Rallyis displayed.2. Click Browse and navigate to the related Rally supplied *.zip file. Once selected, the filename appears in the Rally Upgrade File field.3. Click Upload and the file uploaded to the Rally server.4. Once uploaded click on the Upgrade button to upgrade your Rally installation to thenewest build.5. During the upgrade process, your Rally Server is restarted. After a successful upgrade,a message is displayed: Rally has been started, please wait 5 minutes before logging in.© 2013 Rally Software Development Corp. 45

Rally On-Premise GuideEmail all Rally UsersThe Email All Users link allows the Rally Server Administrator to send a text email to all theusers that currently have an enabled account in Rally. This can be used to notify the Rallyusers of upcoming maintenance or other Rally related messages. It is a text based email noHTML or Rich Text is included in the email message.The Email All Users page will attempt to send the emails to users that have an account inRally and are currently enabled. The page will hand off the email to the sendmail server onthe Rally Server to be sent. Delivery is not guaranteed and the page will only display anerror in sending the email if there is a problem when creating the email and passing it tosendmail. No other error logging is done.46 © 2013 Rally Software Development Corp.

Rally Login BannerRally On-Premise GuideThe Rally Login Banner link allows the Rally Server Administrator to enter either a BulletedList or Message that will be displayed on the Rally Login page. No markup text (HTML orXML) is allowed. The markup tags will be displayed as entered.Bulleted List:Displayed on Rally Login page:© 2013 Rally Software Development Corp. 47

Rally On-Premise Guide48 © 2013 Rally Software Development Corp.

A 550 character message may also be entered as a Rally Login Banner:Rally On-Premise GuideDisplayed on Rally Login page:© 2013 Rally Software Development Corp. 49

Rally On-Premise GuideTroubleshooting TipsIf you are experiencing issues, check these symptoms and try the recommended actions inthe order in which they are described below:SymptomRally stops responding.Backups fail. A failuremessage appears in outputtext.Rally appears to be slow.The mail server is notoperating.Your browser displays anerror warning you of acertificate mismatch.Connecting to Rally WebServices API fails with anerror similar to: "remotecertificate is invalid according tothe validation procedure"Recommended Actions1. Ping the server to verify that it is still available onthe network.2. Restart the Rally application from the control panel.3. Restart the server.In choosing the appropriate action below, considerwhether or not the backups have completed successfully inthe past:1. Try FTP-ing from another server to the serverwhere you are storing backups.2. Verify that firewall access is set to allow FTP orSFTP.3. Verify that there is enough free space at yourbackup destination.4. Verify that DNS is active and working.1. Check the resource allocation on your VMwareserver and notice if it indicates swap activity. Youmay need to allocate more memory.2. Check the network via tracert or some other meansto determine whether the network is congested orblocked.1. Check to determine that DNS is set up correctly.2. Check to discover if the server is attempting torelay the rallydev domain. This is usually notallowed. If this is the case, configure themasquerade option available via the control panel.The domain owner of the URL does not match the owner ofthe SSL certificate:1. Install an SSL certificate that is registered to thesame owner as the domain name.An SSL certificate is notavailable for your domain.1. A certificate is generated by default for the domain:rallyonprem. This is secure, but will produce anerror if you wish to use another domain name.50 © 2013 Rally Software Development Corp.

2. Enable non-secure SSL.Rally On-Premise GuideYou are locked out of theRally control panel.Cannot access the RallyWeb Services APIdocumentation from the‘Help’ link within Rally1. Set up a ReadyTalk session.2. Call Rally support so that they may log in and resetyour password.1. Access the Web Services documentation directly bytyping the URL below into your web browser(change to the IP address orname of the server hosting your Rally tool):https:///slm/doc/webservice/© 2013 Rally Software Development Corp. 51

Rally On-Premise GuideEnabling the Rally On-Premise LDAP ModuleIntroductionBefore getting started you will need the following:1. A Rally On-Premise instance, version 2011.3 or later2. The Rally license key with the LDAP Module enabled3. If using an SSL connection to the LDAP server you will need to follow the steps in theJava Keystore section of this document to upload the SSL certificate from the LDAPserver to the Rally Java Keystore.4. Access to an LDAP Server with Read/Write Permissions and the connection information.There is a worksheet at the end of this guide, “Rally On-Premise LDAP moduleworksheet”, that can be sent to your LDAP administrator to provide the necessaryinformation to connect to the LDAP Server.5. An LDAP browser client is recommended to help with finding the correct locations ofnodes within a LDAP Directory. ( optional: a free client, LDAP Browser 4.5http://www.ldapadministrator.com/download.htm )6. Access to a machine with Ruby installedSetup Rally1. Load the Rally On-Premise image into a VMware server.2. Install the new Rally license key, with the LDAP Module enabled, from the Control Panelvia the “Licensing” page.3. After the license has been installed, restore a current copy of your existing databaseusing the “Restore” feature under “Backup/Restore”. Or, if you are installing Rally forthe first time, restart the Rally Application by clicking on the “Rally Services” link andthen clicking the “Restart” button for the new license key to be loaded.4. Ensure the DNS Settings entries have been filled in and saved on the “NetworkSettings” tab so that the LDAP Hostname will be properly resolved.52 © 2013 Rally Software Development Corp.

Rally On-Premise Guide5. Login to Rally as a Subscription Administrator or use the default SubscriptionAdministrator login, test@rallydev.com to create a new Workspace in Rally. Name thisnew Workspace, “Rally LDAP” (or whatever naming convention is acceptable in yourenvironment). Click on ‘Setup’->`Workspaces & Projects’->`Actions’->`NewWorkspace…’ to create the new Workspace.6. Once the new Workspace is created and Saved, click on the “plus” icon next to the RallyLDAP Workspace that was created on the Workspace & Projects tab and then click onthe “edit” icon at the end of the “Sample Project” row to edit the name of the Project.7. Rename the Project to “Rally LDAP Project” (or whatever naming convention isacceptable in your environment). Save & Close.8. Click on the “Users” tab and create a new Rally User that is a SubscriptionAdministrator or Workspace Administrator (if your Rally Subscription allows WorkspaceAdministrators to add new users).© 2013 Rally Software Development Corp. 53

Rally On-Premise Guide9. You may set the User Name to whatever you choose as long as it is in a valid emailaddress format. Then set the email address to a valid email address so that theWelcome email for this newly created user will be sent to you so a password can be seton the new account. The LDAP Sync process will run as this user to login to Rally andcreate the new Rally users.10. Logout of Rally as the Subscription Administrator and login to Rally as the user createdabove. You should receive an email with a link to set the password.11. Click on the user name link in the upper right hand corner and then click on the “EditProfile…” button in the upper right hand corner.54 © 2013 Rally Software Development Corp.

Rally On-Premise Guide12. Set the Default Workspace and Project for the user to the Workspace/Project created insteps 5 & 7. This will be the default Workspace/Project to which newly created userswill be assigned when the LDAP Sync process is run. If this is not done, newly createdusers will be assigned to the first available Workspace/Project associated with the RallyUser account used when running the Rally LDAP Sync process. An existing RallySubscription or Workspace Administrator may be used for this process, however, it willbe necessary to set the appropriate Default Workspace on this user account so newUsers are created with the appropriate initial Workspace/Project permissions.© 2013 Rally Software Development Corp. 55

Rally On-Premise GuideSetup your LDAP Environment1. If you are an existing Rally On-Premise customer, follow these steps to update the RallySubscription with the LDAP Usernames for currently existing users. If this is a newinstallation of Rally On-Premise, please skip to the “Enabling LDAP on Rally On-Premise”section of this document.2. Create a unique Rally Group on your LDAP Server3. Update the LDAP server so the current Rally Users are members of the newly created“Rally” LDAP group (These users should already exist in your Rally Subscription)4. Before continuing, please have the following setup:• A machine with ruby 1.8.5 or higher running with the following Ruby Gems:rally_rest_api, fastercsv, & builder• Copy the “user_load_script.rb”, which should be available for download from thesame location as the Rally On-Premise download or provided to you by the RallySupport Team, to the machine containing Ruby5. Once the Rally application has started, login as a Subscription Administrator for yourRally Subscription or use the default Subscription Administrator login,test@rallydev.com6. Navigate to the Setup -> Users tab7. Ensure “All Users” is selected in the dropdown box in the upper left corner8. Click on the Page Tools dropdown and select “Export as CSV”56 © 2013 Rally Software Development Corp.

Rally On-Premise Guide9. This export will generate a User export CSV file. Edit this file such that the user emailaddresses are in the first column and in the second column enter the users “LDAPUsername” associated with this email. You should remove the test@rallydev.com userfrom this list if the user still exists in your Rally Subscription. Remove any additionaldata left over from the edit. The file should be similar to the format in the examplebelow.Example CSV format for the “user_load_script.rb” (email address,ldapname):user1@rallydev.com,fharrisonuser2@rallydev.com,sjohnsonuser3@rallydev.com,krobinson10. Copy the CSV file created in the previous step, to a machine with the“user_load_script.rb” installed. Prior to running the script, edit the “user_load_script.rb”and adjust the following values to fit your environment:rally_url = https:///slm (Address of the Rally Installation)rally_user = Rally Subscription Administrator or accountrally_password = Rally Passwordfilename = (Location and name of CSV file)11. Execute the “user_load_script.rb” by running “ruby user_load_script.rb”. Once thescript has completed, the Rally users are now associated with their corresponding LDAPlogin name. You may confirm this by checking that the “On-Premise LDAP UserName” field has been populated in the user’s profile.© 2013 Rally Software Development Corp. 57

Rally On-Premise GuideEnabling LDAP on Rally On-Premise1. Prior to Enabling LDAP on the Rally On-Premise system, you will need information aboutthe LDAP environment at your company. There is a worksheet at the end of this guide,“Rally On-Premise LDAP module worksheet”, that can be sent to your LDAPadministrator to provide the necessary information to connect to the LDAP Server.2. The Rally server can now be configured for LDAP Authentication by logging intothe “Control Panel” and navigating to:Server Settings -> LDAP SettingsDescription of each user-input fields:LDAP Hostname: Requires the fully qualified Host name of the LDAP serverPort: The port number the LDAP server is listening on, typically “389”58 © 2013 Rally Software Development Corp.

Rally On-Premise GuideEnable LDAP over SSL: Checking this box will allow your Rally application to connectto the LDAP server using SSL. The Port number may need to be updated as well if usingSSL. For further information about importing a certificate to the Rally On-Premiseserver to be able to use LDAP over SSL, please see the “Java Keystore” section of thisdocument.Select LDAP Vendor: This dropdown box allows you to select the vendor of your LDAPserver. The available options are Active Directory, Oracle Internet Directory (10g or11g), and Oracle Directory Server 11g.Bind Username DN: The Bind Username field is used for authenticating to theLDAP server, this field needs the fully qualified name.Example: CN=LdapReadonly,CN=Users,DC=rallydev,DC=comBind DN Password: Password for the bind userLDAP Tree Base DN: This field is the Top Level Tree node of the LDAP Directorywhere your users/groups are located.Example: CN=Users,DC=rallydev,DC=comUser Name Attribute: The username attribute is the attribute that lives on theLDAP server, which should be a globally unique identifier within the directory. Onceusers are populated they will use the value of this attribute as their login name.Example: samaccountnameLDAP Group ManagementNote: Group Management is not required if you choose authentication with usernameand password only.Require membership in an LDAP group: This checkbox is selected by default.Unchecking the box confirms that users will be logged in via authentication only. If youdisable the group membership option, the LDAP user syncing service will no longer beavailable. Users authenticating with Rally will no longer be required to havemembership in a specific LDAP group.Group Name: The group you created in step 2 of “Setup your LDAP Environment” onyour LDAP server which contains the users you would like to allow access to Rally.Example: CN=RallyGroup,CN=Users,DC=rallydev,DC=comGroup Attribute: The Group Attribute for your LDAP Server. Generally, memberOf isused with Active Directory and isMemberOf, member, or uniqueMember is used withOracle products. You will need to check with your LDAP Administrator to determinewhich one is in use in your environment.LDAP SynchronizationNote: LDAP synchronization requires LDAP Group Management.Enable LDAP Synchronization Service: Enabling this feature will schedule async of any newly added users from the LDAP Rally Group to the Rally Application.This sync is scheduled to occur every 15 minutes.Run LDAP Synchronization Immediately after “Save Settings”: Checking thisbox will force a sync to run right after saving your LDAP settings.© 2013 Rally Software Development Corp. 59

Rally On-Premise GuideRally Username: The Rally Subscription Administrator or Workspace Administratoraccount that will be used to create new Rally users.Rally User Password: Password for the Rally Subscription Administrator or WorkspaceAdministrator.Test Connection: Once the LDAP Hostname, Port, Bind Username DN, Bind DNPassword, and Group Name have been entered, you may use the ’Test Connection’button to test the LDAP connection from the Rally Server. The test will first try to bindto the LDAP Server then attempt to search for the Group Name on the LDAP Server.Disable LDAP & Restart Rally: Deletes the LDAP Authentication settings on the RallyServer and the Rally Application is restarted to disable LDAP Authentication and enablethe Rally Application Authentication.3. Save the LDAP Settings by clicking the Save Settings & Restart Rally button.4. The Rally Application will be automatically restarted which will enable LDAPAuthentication. Once the Application has been restarted all provisioned users will nowbe able to login using their unique LDAP username and password.Running the LDAP SyncThe LDAP sync runs several services to update the Rally user accounts based on the specifiedLDAP group and the LDAP vendor.The sync will first query LDAP for all the users in the specified LDAP group. It will then checkto make sure all the users in that group are in Rally and that the accounts are enabled in Rally.A check is then done for enabled Rally accounts that do not exist in the specified LDAP Rallyuser group. If there are accounts in Rally that are not in the LDAP group, the Rally accountsare disabled.If you are using Active Directory a second service (Service 2) is run to disable any Rally useraccounts that have been disabled in Active Directory, whether or not they are in the specifiedRally group in LDAP. The second service will not be run for Oracle LDAP servers.An example of the log output when an LDAP sync is run using Active Directory is below.60 © 2013 Rally Software Development Corp.

Rally On-Premise GuideAn example of the output for the second service when running the sync against an OracleLDAP server is below.Backup and Restore of LDAP SettingsThe LDAP settings will be saved during a Backup of the Rally On-Premise Server. Once theLDAP Module is enabled or if the LDAP Settings are updated, perform a Backup of the Rally On-Premise Server from the Backup/Restore link on the Control Panel to ensure that the properLDAP settings are captured and not overwritten by a restore containing outdated LDAPconnection information.© 2013 Rally Software Development Corp. 61

Rally On-Premise GuideRally Idea Manager & Rally Support Manager IntegrationThe documentation for the Rally Idea Manager and Rally Support Manager Integrations aresupplied in a separate zip file:Rally-Manager-Integration.zipThe file is located at the same location where the Rally On-Premise Installation Guide wasdownloaded.62 © 2013 Rally Software Development Corp.

Rally On-Premise BlogRally On-Premise GuideBe sure to sign up for the Rally On-Premise Blog for information on upcoming releases,current news and discussions on the direction of the Rally On-Premise solution.http://www.rallydev.com/onpremblog/Contacting Technical SupportIf you encounter any issues or require additional service, please email Rally Support atrallysupport@rallydev.com .© 2013 Rally Software Development Corp. 63

Rally On-Premise GuideRally On-Premise LDAP Module WorksheetLDAP Hostname:________________________________________________Fully-qualified Host a name of the LDAP server, i.e. directory.mycompany.comLDAP Port:_____________________________________________________Port that LDAP server listens on. Typically 389, If LDAP over SSL, 636LDAP SSL-Enabled?LDAP Vendor and Version: ________________________________________Example: Oracle Identity Server 11g, Active DirectoryLDAP SSL Certificate to Load into Rally Keystore?LDAP Bind Username DN: _________________________________________Example: CN=myLDAPUser,CN=Users,DC=mycompany,DC=comLDAP Tree Base DN: _____________________________________________Example: CN=Users,DC=mycompany,DC=comLDAP User Name Attribute: ________________________________________Example: sAMAccountName, uidLDAP Group Name for Rally Users: __________________________________Example: CN=rallygroup,DC=mycompany,DC=comLDAP Group Attribute: ___________________________________________Example: member, memberof, uniquememberBefore the Rally Administrator turns on LDAP, LDAP Administratorplease:1. Add the Rally Users to LDAP Rally Group2. Make sure LDAP Server is set to accept connections from Rally Server3. If LDAP over SSL, provide LDAP Server’s SSL Certificate to RallyAdministrator for import into keystore.64 © 2013 Rally Software Development Corp.