Product Documentation

Installation of SAKA begins on the Primary server. It installs the various components for the SAKA environment. It is assumed that the installers are familiar with Linux commands and the Linux operating system environment.

  1. If your appliance uses the TPM, verify that the BIOS Setup has activated the TPM. Steps will vary based on the supplier of the BIOS on the appliance; while one manufacturer will identify the task as “Enable the TPM”, another might indicate this as “Enable embedded security.” In either case, the task will require setting up a password for the BIOS Setup and then activating the TPM.

  2. Login to SAKA as root.

  3. Start up a shell window.

  4. Change the password of the root user to the one chosen for your site:

    shell> passwd
  5. Change directory to /usr/local/software/saka.

    shell> cd /usr/local/software/saka
  6. If the SAKA software distribution is not on the machine, unarchive the distribution to the /usr/local/software/saka directory:

    shell> tar zxvf /media/<device name>/SAKA-4.0-BuildNN-dist.tgz
  7. Using a text editor (gedit or vi), edit the following section of the install-saka.sh script to customize IP address, passwords, database size, etc.

    ##########################################
    # Company name for self signed certificate
    COMPANY="StrongAuth Inc"
    
    # Server Passwords
    GLASSFISH_PASSWORD=adminadmin
    LINUX_PASSWORD=ShaZam123
    MARIA_ROOT_PASSWORD=BigKahuna
    MARIA_SKLES_PASSWORD=AbracaDabra
    
    # Batch Request user 
    BR1_LINUX_USERNAME=domain1
    BR1_LINUX_PASSWORD=Prest099
    BR1_LINUX_LOCK='Y'                      # Lock Batch request user?
    
    # Servers in cluster. For larger clusters, add more lines like 'SERVER#=<FQDN>' where # = SID
    SERVER1=saka201.strongauth.com
    SERVER2=saka202.strongauth.com
    #SERVER3=saka203.strongauth.com
    #SERVER4=saka204.strongauth.com
    
    ##########################################

     

    • The COMPANY name will be embedded in the digital certificates generated during the installation process. Replace the default value with the name of your company. Do not use commas or special characters in the name; while spaces are allowed, restrict the name to 64 characters or less.

    • The GLASSFISH_PASSWORD parameter is the password for the admin user for the Payara application server. The admin user is responsible for administrating the Payara server through the provided asadmin command line tool.

    • The LINUX_PASSWORD parameter is the password for the strongauth user in the Linux operating system environment. The strongauth user owns all files installed under /usr/local/stronguath and is the owner of the SAKA application. While this password is initially used to setup the account and its privileges, this may be changed at a later time, if desired.

    • The MARIA_ROOT_PASSWORD parameter is the password for the root user of the MariaDB database. While this password is initially used to setup the account and its privileges, this may be changed at a later time, if desired.

    • The MARIA_SKLES_PASSWORD parameter is the password for the skles user of the MariaDB database. While this password is initially used to setup the account and its privileges, this may be changed at a later time, if desired.

    • The BR1_LINUX_USERNAME parameter is the name of the batch request user in the Linux operating system environment. This user is used to transfer files to and from the appliance for batch processing operations of the first encryption domain.

    • The BR1_LINUX_PASSWORD parameter is the password for the domain1 user in the Linux operating system environment. While this password is initially used to setup the account and its privileges, this may be changed later, if desired.

    • The BR1_LINUX_LOCK parameter is to determine whether the batch request user account will be locked. The account is locked by default. If you expect to use the batch processing features of the appliance, change the value of this variable to N.

    • The SERVER# variables define the servers in the SAKA cluster. For every appliance that will be a member of the cluster, create a variable named SERVER<SID> where SID is a numerically incrementing value starting at 1 with no gaps in the sequence. Assign the FQDN of each appliance to these variables.

  8. Run the install-saka.sh script:

    shell> ./install-saka.sh
  9. Log out of SAKA.

  10. Login to SAKA as strongauth.

  11. Start up two (2) shell windows.