Friday, December 2, 2016

How to Install Security Identity Manager Adapter Development Tool IBM ADT

This article highlights the steps to install the IBM Tivoli Identity Manager Adapter Development Tool (ADT). The installation steps are simple, just like any Windows software, but getting it to work is a little tricky.

ADT is only available in a 32-bit version, while most of us run 64-bit Security Directory Integrator (SDI), formerly named Tivoli Directory Integrator (TDI). ADT installs without any issues on 64-bit Windows machines, but when you try to save a project inside ADT it gives errors. As long as you are using it on a 32-bit machine, everything works fine. Follow the steps below to get it working on 64-bit machines.

Installation prerequisites:
  • 64 bit JDK
  • Security Directory Integrator (SDI)

To avoid errors on a 64-bit machine, follow the steps below after installation:
  1. Copy the JRE folder from the 32-bit SDI. The JRE folder is located in the home folder of the SDI installation directory.
  2. Paste the JRE folder copied in the previous step into the home folder of ADT.
  3. The JRE folder must be from the 32-bit SDI; otherwise ADT will not work properly in a 64-bit environment.



Wednesday, November 30, 2016

Step by Step Instructions to Create Yum Local Repository

This article highlights the steps to create an offline yum repository. During the deployment of many enterprise solutions, it is quite possible that the Linux platform, i.e. RHEL (Red Hat Enterprise Linux), is not yet registered with Red Hat (enterprises can't just run their servers on an unregistered version, but registration takes some time).

If RHEL is not registered, you can't resolve rpm dependencies using the online repos. Luckily, there is an option to create a local yum repository from the packages of an existing RHEL system. Follow the steps below to create an offline yum repository.

  • Locate the rpm packages folder from an existing RHEL system.
  • Create a folder RPMS under /mnt.
  • Move all packages to the location /mnt/RPMS.
  • Manually install the packages listed below with the command rpm -ivh <rpm package name>, in the order shown (the createrepo package has two dependencies, deltarpm and python-deltarpm).
    • deltarpm-3.5-0.5.20090913git.el6.x86_64.rpm
    • python-deltarpm-3.5-0.5.20090913git.el6.x86_64.rpm
    • createrepo-0.9.9-17.el6.noarch.rpm
  • Create a file local.repo inside /etc/yum.repos.d with the following parameters:


  • Enter the commands below to refresh the yum cache.
    • yum clean all
    • yum repolist (you will see the local repo in the list of repositories).

Now you have configured the local yum repository. Use the yum install command to resolve dependencies automatically.
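The procedure above as one script, added here as an example and not part of the original post. It assumes a repo id of "local", runs createrepo on /mnt/RPMS to generate the metadata, and enables gpgcheck against the Red Hat release key at its stock RHEL path, since the rpm files were copied from another machine.

```shell
#!/bin/sh
# Added example: builds the offline repository described above.
# Assumptions (not from the original post): repo id "local" and the
# Red Hat release key at its stock RHEL location.
REPO_DIR=/mnt/RPMS
GPG_KEY=/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release

# Print the contents of local.repo for a package directory and key file.
# gpgcheck=1 makes yum verify package signatures before installing.
render_local_repo() {
    repo_dir=$1
    gpg_key=$2
    cat <<EOF
[local]
name=Local offline repository
baseurl=file://$repo_dir
enabled=1
gpgcheck=1
gpgkey=file://$gpg_key
EOF
}

# Count packages that fail rpm's digest and signature check (rpm -K).
count_bad_packages() {
    bad=0
    for pkg in "$1"/*.rpm; do
        [ -e "$pkg" ] || continue
        rpm -K "$pkg" >/dev/null 2>&1 || bad=$((bad + 1))
    done
    echo "$bad"
}

build_local_repo() {
    rpm --import "$GPG_KEY"
    bad=$(count_bad_packages "$REPO_DIR")
    if [ "$bad" -ne 0 ]; then
        echo "$bad package(s) failed verification; not building repo" >&2
        return 1
    fi
    createrepo "$REPO_DIR"
    render_local_repo "$REPO_DIR" "$GPG_KEY" > /etc/yum.repos.d/local.repo
    yum clean all && yum repolist
}

# Run as root on the RHEL host: sh build-local-repo.sh --apply
if [ "${1:-}" = "--apply" ]; then
    build_local_repo
fi
```

Without --apply the script only defines its functions, so the generated file can be reviewed with render_local_repo before anything is written under /etc.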




Monday, November 28, 2016

How to Install IBM DB2 step by step

This article will show complete steps to install IBM DB2. Follow the steps below to install DB2.

  • The DB2 installation media comes in .tar.gz format. First extract it, either from the terminal or by right-clicking to uncompress it. Use the command below to extract it from the terminal:
    • tar -zxvf <media name.tar.gz> -C <directory path where you want to extract>
  • Open the terminal and navigate to the folder where you extracted the DB2 setup. Run the command below to check whether the OS meets all required prerequisites.
    • ./db2prereqcheck -v <version name>, e.g. ./db2prereqcheck -v 10.5.0.3
    • Also run ./prereqSAM, present in server/db2/linuxamd64/tsamp, to check the Tivoli System Automation script prerequisites if you are planning to configure HADR with failover automation on this DB2. The prereq utility usually asks for the ksh package; install it using the yum install command.

  • If there are dependencies which are not met, use the yum install command to resolve them. You can also create an offline repository if your Linux system is not registered with Red Hat yet.

  • When all the requirements are met, run the command “./db2setup” to launch the setup. The following setup windows will be displayed.

  • Click on "Install a Product" and install IBM DB2 Enterprise Server Edition.

  • Accept the license agreement and click Next.

  • Continue with Typical installation mode.

  • Continue with "Install DB2 Server Edition on this computer and save settings in a response file"

  • Go with default installation directory and click next.

  • Enter password for a DB2 Administrative User.

  • Select "Create DB2 instance" radio button.

  • Select "Single partition instance" and click Next.

  • Enter instance owner and fenced user passwords and click Next.


  • Select notification settings according to your requirement and hit Next. Setup will take some time to install DB2.

  • Following message will be displayed when the setup has finished installing DB2. Check the setup logs for any errors.


























Saturday, November 26, 2016

How To Be a Good Technical Consultant (IBM Security Solutions)

A good technical consultant should develop troubleshooting skills. Over the course of my professional career, I have seen many technical people who don’t even bother to read release notes or installation instructions and jump straight into installation and configuration, which in my opinion is not a best practice. Similarly, there are people who, when they face any issue in coding a workflow or configuring an assembly line, consult directly with a senior consultant without checking the logs for errors.

Logs are a great source for identifying the problem when it comes to troubleshooting. We should always consult the log files to look for errors before posting a technical problem on forums or contacting technical support. To completely understand the problem, one also needs to understand the logical meaning of basic errors, e.g. null pointer exception, Java out of memory, etc. Sometimes a minor mistake can take hours to fix. So a good consultant should always follow the release notes and installation guide, and when it comes to troubleshooting, product LOGS are your best friend.

The overall logging mechanism has been improved for the ISIM virtual appliance: it has been simplified, and it is easy to increase the log level from the Appliance LMI. For SDS (Security Directory Server), the ibmslapd.log file present in the instance’s home folder records every detail related to the instance. The DB2 diagnostic log file db2diag.log, present in the home folder of the DB2 instance, records errors related to the DB2 instance. ISIM adapter logs are recorded in the ibmdi.log file present in the folder timsol inside the TDI installation directory. There is a log configuration file, log4j.properties, in the same location, with which the log level can be increased for adapters. I hope this article helps technical consultants working on IBM Security products.





Step by Step Guide to Install and Configure SMTP Relay Server for ISIM VA emails

To send emails, IBM Security Identity Manager (ISIM) needs to be integrated with the SMTP server of your organization. The SMTP server can be an on-premise Exchange server or a cloud-based service like Office 365 or Google Services. In the ISIM virtual appliance and software there are only three options for SMTP-related settings: the SMTP address (the address of the SMTP server), the email ID, and the port on which ISIM communicates with the SMTP server.

There is no option for the password of the service account used by ISIM to send emails. For a local Exchange server there are workarounds, such as adding an exception that permits all traffic from the ISIM machine's IP without asking for a password, but for cloud-based solutions like Office 365 we cannot add this kind of exception.

Luckily, there is a solution to this problem. On Windows servers, there is an option to set up a relay server, which is itself an SMTP server. We can configure it in such a way that ISIM sends emails to the SMTP relay server and the relay server forwards those emails to recipients using our cloud-based Office 365 service account. Detailed step-by-step instructions are given below:

Installation and Configuration of the SMTP Relay:
  • On the Windows Server machine, go to Server Manager -> Features -> Add Features and then select SMTP Server. You may be prompted to install additional components; select them as well. Click Next and proceed with the installation. The installation of the SMTP Server will also install IIS 6.0, as shown in the screenshots below:








  • Open IIS 6.0 and go into the properties of SMTP Virtual Server 1.


  • Go into the General tab, click on Advanced, and from the drop-down box add the IP address of the machine on which the SMTP Server has been installed, i.e. 192.168.10.111, with TCP port 25. Don’t set the TCP port to anything other than 25, because ISIM only sends requests to port 25 of the SMTP server.





  • In the general tab, click on enable logging and set the path of the log files by clicking on properties as shown below or go with the default location.

  • Go into the Access tab, click on authentication and select anonymous access.

  • In the access tab, click on relay and add the IP address of the appliance and application so that they can communicate with the Relay server.



  • Go into the Delivery tab and click on Outbound Security. Select Basic authentication and, in the user name field, enter the service account email address, i.e. testaccount@isimhacks.com, and then enter the password. Also select the check box “enable TLS encryption” and click OK.



  • On the Delivery tab, click on Outbound Connections and, for the TCP port, enter the value “587”. Keep all other default values as they are.


  • On the Delivery tab, click on Advanced, enter “smtp.office365.com” for the fully qualified domain name and smart host options, and click OK.


  • Click "OK". At this point the relay server is configured and ready to use.



  • To test the Relay server, follow the steps below:
    • Create a text file using Notepad or another text editor. The file should contain the code shown below. Replace the source and destination email addresses with the addresses you will use to relay SMTP.

      FROM: testaccount@isimhacks.com
      TO: anyuser@isimhacks.com
      SUBJECT: Test email

      This is a test email sent from my SMTP Relay server

    • Save the text file as Email.txt.
    • Copy the Email.txt file into the following folder: C:\InetPub\MailRoot\Pickup.
    • After a short time, the file should automatically be moved to the C:\InetPub\MailRoot\Queue folder. When the SMTP server delivers the mail, the file is automatically deleted from the local folder.
    • If the SMTP server can’t deliver the message, a non-delivery report (NDR) is created in the C:\InetPub\MailRoot\BadMail folder.
  • Open the ISIM Appliance console. Go to Configure -> Mail Server Properties. Click on Configure and enter the values as per the screenshot below.
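Because the relay accepts anonymous connections and depends on the relay IP list alone, the log enabled in the General tab is worth reviewing for clients other than the ISIM appliance. The script below is an added example, not part of the original post. It assumes W3C Extended logging with the c-ip and cs-username fields selected and a log copied to a machine with sh and awk; the sample lines and the appliance address 192.168.10.50 are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): list clients that submitted
# mail to the relay but are not on its relay allow list.
# Assumption: W3C Extended logging with at least c-ip and cs-username.

# audit_relay_log <logfile> <allowed-ip>...
# Prints "<ip> <rows>" for every inbound client that is not allowed.
audit_relay_log() {
    log=$1
    shift
    awk -v allowed="$*" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        { sub(/\r$/, "") }    # logs copied from Windows end in CRLF
        # The #Fields header names the columns: map field name -> position.
        /^#Fields:/ { for (i = 2; i <= NF; i++) col[$i] = i - 1; next }
        /^#/ || !("c-ip" in col) { next }
        {
            ip = $(col["c-ip"])
            user = ("cs-username" in col) ? $(col["cs-username"]) : ""
            # Skip the relay own outbound leg to the smart host, which is
            # logged with an OutboundConnection* marker in cs-username.
            if (user ~ /^OutboundConnection/) next
            if (!(ip in ok)) seen[ip]++
        }
        END { for (ip in seen) print ip, seen[ip] }
    ' "$log" | sort
}

# Constructed sample log; 192.168.10.50 stands in for the ISIM appliance.
write_sample_log() {
    cat > "$1" <<'EOF'
#Software: Microsoft Internet Information Services
#Fields: date time c-ip cs-username s-ip s-port cs-method sc-status
2016-11-26 09:00:01 192.168.10.50 isimva 192.168.10.111 25 MAIL 250
2016-11-26 09:00:01 192.168.10.50 isimva 192.168.10.111 25 RCPT 250
2016-11-26 09:00:02 203.0.113.25 OutboundConnectionCommand - 587 EHLO 0
2016-11-26 09:05:10 192.168.10.77 host77 192.168.10.111 25 MAIL 250
2016-11-26 09:05:10 192.168.10.77 host77 192.168.10.111 25 RCPT 550
EOF
}

sample=$(mktemp)
write_sample_log "$sample"
audit_relay_log "$sample" 192.168.10.50
rm -f "$sample"
```

Any address it prints either belongs on the relay list or points to a host that should not be reaching port 25 on the relay server.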























Thursday, November 24, 2016

ISIM virtual appliance SMTP setup checks for valid SMTP Server

Hello everyone, the ISIM virtual appliance has been around for quite some time now. IBM has enhanced ISIM and made developers' lives much easier. On the other hand, some people might claim that it has killed the learning for those who have just started their career in IBM Security Solutions, as developers no longer have to create the messaging and application clusters manually and, above all, there is no WAS (WebSphere Application Server).

While configuring ISIM VA base version 7.0.0 for the first time, when the setup prompted for SMTP server details as shown below, we used to pass dummy details and move on, as these kinds of details are pending with the customer in a production environment and we can modify them at any time, so for the sake of installation we used to do so.


Now the setup won’t let you move forward until it finds a valid SMTP server at the address you provide. There are two hacks to this:

1)     If internet access is enabled on the virtual appliance, then you can simply type smtp.gmail.com, the Google mail server.

2)     If internet access is not enabled, then you can use a dummy SMTP server (smtp4dev) available on the internet to dodge the setup. Just run the exe file of the SMTP server on a network machine and provide the IP address of that machine as the SMTP server address.


SMTP4dev is a good option not only to dodge the setup, but also to check and test the emails from ISIM. It has options which are not available in most of the fake SMTP servers on the internet: it has a maximum sessions option, you can choose which of the network interfaces attached to your machine the server should operate on, and you can manually configure the port if any other program, such as SMSC, is using port 25.

It can be downloaded from: https://smtp4dev.codeplex.com/




Best regards,

M Danial Arshad