IBM AD Web Services Prerequisites
Before you install and configure IBM® AD Catalog and IBM AD Audit, make sure that the following steps are performed:
- Any of the following Java™ Runtime Environments is installed:
- 64-bit AdoptOpenJDK 8/11/13 HotSpot
- 64-bit Java 8/11 Oracle
- 64-bit Java 8 IBM
- Any of the following database servers is installed and configured:
- Microsoft SQL Server
Microsoft SQL Server 2014/2016/2017/2019/2022 is installed and configured (accessible, if it is installed on a different machine). For more information, see Microsoft SQL Server Configurations at the end of this topic.
- Db2® for LUW (Linux®, UNIX, and Windows)If you use Db2 for LUW (Linux, UNIX, and Windows), IBM AD Dashboard will automatically create the Audit database for you if the prerequisites are met. For more information, see Prerequisite software for automatically creating the Db2 for LUW databases.Note: If the Audit database cannot be created automatically, you might want to check the instructions in Preparing repository using scripts for Db2 for LUW projects to troubleshoot and manually create the database.
- Db2 for z/OS®
If you use Db2 for z/OS, you must manually create the Audit database before you run the IBM AD Configuration Wizard or define a relational database server against Db2 for z/OS. To create the Audit database, complete the following steps:
1. Run the following SQL clauses to create the Audit database, tables, and indexes.--#SET TERMINATOR ; CREATE DATABASE EZAUDIT --STOGROUP CUSTOM_STOGROUP_NAME CCSID UNICODE ; SET CURRENT SCHEMA = 'EZAUDIT'; CREATE TABLE APPLICATIONS ( ID INTEGER NOT NULL, DESCRIPTION VARCHAR(255), NAME VARCHAR(255), CONSTRAINT APPLICATIONS_PK PRIMARY KEY(ID) ) IN DATABASE EZAUDIT; CREATE TABLE EVENTS ( ID INTEGER GENERATED BY DEFAULT AS IDENTITY (START WITH 1, INCREMENT BY 1), APPLICATION_ID INTEGER, DATE TIMESTAMP, INSTANCE_ID VARCHAR(255), IP VARCHAR(255), OPERATION_NAME VARCHAR(255), OPERATION_TYPE_ID INTEGER, PROJECT_NAME VARCHAR(255), USER_NAME VARCHAR(255), CONSTRAINT EVENTS_PK PRIMARY KEY(ID) ) IN DATABASE EZAUDIT; CREATE TABLE EVENTS_ARCHIVED ( ID INTEGER GENERATED BY DEFAULT AS IDENTITY (START WITH 1, INCREMENT BY 1), APPLICATION_ID INTEGER, DATE TIMESTAMP, INSTANCE_ID VARCHAR(255), IP VARCHAR(255), OPERATION_NAME VARCHAR(255), OPERATION_TYPE_ID INTEGER, PROJECT_NAME VARCHAR(255), USER_NAME VARCHAR(255), CONSTRAINT EVENTS_ARCHIVED_PK PRIMARY KEY(ID) ) IN DATABASE EZAUDIT; CREATE TABLE EVENTS_INFO ( EVENT_ID INTEGER NOT NULL, INFO_VALUE VARCHAR(255), INFO_KEY VARCHAR(255) NOT NULL, CONSTRAINT EVENTS_INFO_PK PRIMARY KEY(EVENT_ID, INFO_KEY) ) IN DATABASE EZAUDIT; CREATE TABLE EVENTS_INFO_ARCHIVED ( EVENT_ARCHIVED_ID INTEGER NOT NULL, INFO_VALUE VARCHAR(255), INFO_KEY VARCHAR(255) NOT NULL, CONSTRAINT EVENTS_INFO_ARCHIVED_PK PRIMARY KEY(EVENT_ARCHIVED_ID, INFO_KEY) ) IN DATABASE EZAUDIT; CREATE TABLE NOTIFICATIONS ( ID BIGINT GENERATED BY DEFAULT AS IDENTITY (START WITH 1, INCREMENT BY 1), CREATED TIMESTAMP NOT NULL, MESSAGE_KEY VARCHAR(255), MESSAGE_VALUES VARCHAR(255), SOURCE VARCHAR(36) NOT NULL, TITLE VARCHAR(255) NOT NULL, TYPE INTEGER, CONSTRAINT NOTIFICATIONS_PK PRIMARY KEY(ID) ) IN DATABASE EZAUDIT; CREATE TABLE USAGE_DETAIL ( ID BIGINT GENERATED BY DEFAULT AS IDENTITY (START WITH 1, INCREMENT BY 1), END_TIME TIMESTAMP, LOG_TIME TIMESTAMP, START_TIME TIMESTAMP, SUBTYPE VARCHAR(255), TYPE VARCHAR(255), VALUE BIGINT, CONSTRAINT USAGE_DETAIL_PK PRIMARY KEY(ID) ) IN DATABASE EZAUDIT; CREATE TABLE USER_PROFILE ( ID BIGINT GENERATED BY DEFAULT AS IDENTITY (START WITH 1, INCREMENT BY 1), LAST_SEEN TIMESTAMP NOT NULL, USERNAME VARCHAR(255) NOT NULL, CONSTRAINT USER_PROFILE_PK PRIMARY KEY(ID), CONSTRAINT USER_PROFILE_USERNAME_UNQ UNIQUE (USERNAME) ) IN DATABASE EZAUDIT; CREATE TABLE USERS ( ID BIGINT GENERATED BY DEFAULT AS IDENTITY (START WITH 1, INCREMENT BY 1), CREATED TIMESTAMP NOT NULL, LICENSE_TYPE INTEGER, USERNAME VARCHAR(255) NOT NULL, CONSTRAINT USERS_PK PRIMARY KEY(ID), CONSTRAINT USERS_USERNAME_UNQ UNIQUE (USERNAME) ) IN DATABASE EZAUDIT; CREATE INDEX IN_SOURCE_CREATED ON NOTIFICATIONS (CREATED, SOURCE, ID); ALTER TABLE EVENTS_INFO ADD CONSTRAINT EVENTS_INFO_EVENTS_FK FOREIGN KEY (EVENT_ID) REFERENCES EVENTS ENFORCED; ALTER TABLE EVENTS_INFO_ARCHIVED ADD CONSTRAINT EVENTS_INFO_ARCHIVED_EVENTS_ARCHIVED_FK FOREIGN KEY (EVENT_ARCHIVED_ID) REFERENCES EVENTS_ARCHIVED ENFORCED;2. Copy the
db2jcc_license_cisuz.jarfile from your Db2 into the <IBM ADDI Installation Folder>/IBM AD Web Services/wlp/usr/shared/config/lib/global directory.
- Microsoft SQL Server
-
9080 and 9443 are the default ports that are used by the IBM Application Discovery WebSphere® Liberty Profile Service. Make sure that both ports are open, unused, and not blocked by your firewall. If the default ports are not available, you can check the troubleshooting tips at the end of this topic.
-
Starting with IBM AD V5.1.0.7, you don't need to perform the pre-configurations of IBM WAS Liberty Web Server and the pre-configurations of SQL database for IBM AD Audit. Audit database is created automatically for Microsoft SQL Server users.
-
If you use Db2 for LUW (Linux, UNIX, and Windows) you must manually create the Catalog database. To create the Catalog database you can use the Db2 database client or you can start the Db2 command window and execute the following clause:
db2 create database CATDB using codeset UTF-8 territory en PAGESIZE 16384Note: Once the Catalog database has been created make sure to configure the Catalog Service to run on Db2 for LUW with TLS. For more information see, Configuring the Catalog Service to run on Db2 for LUW. - An SQL database needs to be manually created by your database administrator for IBM AD Catalog. Note:
- The name of this database must match the name of the database that will be added in the server.xml configuration file, during the configuration process of IBM AD Catalog. For more information, see Configuring the Catalog Service.
- The database user that is used in the server.xml configuration file and connects to the Catalog database needs to have the db_owner database role membership.
How to set up manually the Catalog database- Start SQL Server Management Studio.
- Log in by using the username and password for the IBM AD SQL Identity, as defined in Microsoft SQL Server Configurations.
- Right-click Databases and choose New Database.
- Enter the Catalog database name, for example: catalog_db and press OK.
- As a result the catalog_db database is created.Important: The Catalog database will be automatically populated when Data Collector starts for the first time.
For Data collector the version of the target z/OS Connect server must be 3.0.2 or higher.
Troubleshooting tips: Changing the default ports for IBM Application Discovery WebSphere Liberty Profile Service
IBM Application
Discovery WebSphere Liberty
Profile Service uses 9080 and 9443 as the default
ports. If the default ports are not available, then determine the
ports that are available and that you would like to assign to IBM Application Discovery WebSphere Liberty Profile Service. When
the ports are determined, complete the following steps to update the
default ports for IBM Application Discovery WebSphere Liberty Profile Service.
- Install IBM ADDI as described in Installing components with the IBM ADDI Installer. By default, for clean installations, the installer will open the IBM AD Configuration Wizard in the system's default browser. But since the default ports for IBM Application Discovery WebSphere Liberty Profile Service are not available, it wouldn't start correctly and the IBM AD Configuration Wizard would report an error similar to "This page cannot be displayed" or "Unable to connect" or "This site can’t be reached" depending on system's default browser.
- To confirm if it's a port conflict issue, open the
console.logfile under the <IBM ADDI Installation Folder>/IBM AD Web Services/wlp/usr/servers/ad_server/log/ directory, and check if you notice error messages that are similar to the following example:[ERROR ] CWWKO0221E: TCP Channel defaultHttpEndpoint initialization did not succeed. The socket bind did not succeed for host * and port 9080. The port might already be in use. Exception Message: Address already in use: bind [ERROR ] CWWKO0221E: TCP Channel defaultHttpEndpoint-ssl initialization did not succeed. The socket bind did not succeed for host * and port 9443. The port might already be in use. Exception Message: Address already in use: bind - When the port conflict issue is confirmed, stop the IBM Application Discovery WebSphere Liberty Profile Service. The service can be stopped from Windows Services (services.msc) by locating IBM Application Discovery WebSphere Liberty Profile Service and clicking Stop.
- Open the
server.xmlfile and update thehttpPortandhttpsPortproperties in the following section.
Example:<httpEndpoint httpPort="9080" httpsPort="9443" id="defaultHttpEndpoint" host="*" />
The<httpEndpoint httpPort="<new http port>" httpsPort="<new https port>" id="defaultHttpEndpoint" host="*" /><new http port>and<new https port>in the example represents the new port numbers that you want to use. - Save the
server.xmlfile with your changes. - Restart the IBM Application Discovery WebSphere Liberty Profile Service. The service can be started from Windows Services (services.msc) by locating IBM Application Discovery WebSphere Liberty Profile Service and clicking Start.
- Wait for the IBM Application Discovery WebSphere Liberty Profile Service and Audit application to start successfully.
- Open the browser and visit the IBM AD
Configuration Wizard at http://<host or
ip address>:<new http port>/ad-audit/setup.
For example, if you want to use
localhostas the host address and 9090 as thehttpPort, then you can access the IBM AD Configuration Wizard at http://localhost:9090/ad-audit/setup.