To enter the initial configuration for a ICPAM appliance, do the following:
Step 1 Log on to the appliance, as described in Connecting a PC to the Appliance.
Step 2 Enter the server configuration, as shown in below:
Note The version and serial number are not configurable.
a. Type: Select the server type to enable the configuration options for the appliance.
§ Active Server: (Default) Select Active Server for a single appliance, or if the appliance is the active server in a redundant configuration.
§ Standby Server: Select Standby Server if the appliance is the standby server in a redundant configuration. A standby server must have the exact same configuration settings as the active except the network addressees, host name, and HA license.
b. Site Name: Enter a description for the appliance to identify the appliance on the network. This field is disabled for a standby appliance because the standby server assumes the active server's name when a failover occurs.
Enter any combination of letters and numbers up to 32 characters. Spaces are not allowed but dashes and underscore characters are allowed. For example: SJCSite1.
c. Click Next to apply the settings and continue.
Step 3 Enter the initial User settings to define the administrator password and email address. Enter the same settings on the active and standby appliance.
a. Username: The admin username cannot be changed. The default username is cpamadmin.
b. Current Password: Enter the administrator password. The default password is cpamadmin.
c. New Password: Enter a new administrator password. The administrator has full rights to configure the ICPAM appliance, and grant access rights to other users. The new password is required and must be entered to continue.
d. Re-enter Password: Re-enter the administrator password to confirm the setting.
e. Email Address: (Optional) Enter the email address that will receive system messages. This email address also receives Forgot Password emails (see Resetting a Forgotten Password).
f. Select Next to apply the settings and continue.
Step 4 Specify the Network configuration for the ICPAM appliance, as shown below. Note that:
§ The Shared IP address, Port and SSL are the same on the active and standby appliances.
§ The host name must be different for the active and standby appliances.
§ The Eth0 and Eth1 IP addresses must be different on the active and standby appliances.
§ All IP addresses must be on the same subnet.
Specify the following Network settings:
a. Host Name: Enter the host name on the active appliance. Enter a different host name on the standby appliance. The host name is used to identify the appliance on the local network and does not impact other configurations.
b. Shared IP Address: Enter the same IP address on the active and standby appliance. This address is transferred from the active to the standby appliance if a failover occurs. We recommend configuring a Shared IP ADdress on all appliances, even if the appliance is a standalone (non-HA) configuration. See Understanding IP Addresses on the ICPAM Server for more information.
The Shared IP address and the Eth0 IP address should be on the same subnet. Eth0 and Eth1 can be on separate subnets.
c. Transport Port: The default value is 8020. Enter the same number on the active and standby appliances.
d. SSL Enable For Server: Click the SSL check box to enable or disable secure IP communication between the ICPAM appliance and attached controllers. The settings must be the same on the active and standby appliances.
Note SSL is enabled by default on all controllers and ICPAM appliances. If SSL is disabled for a controller but enabled for ICPAM, the controller will not be able to connect to the appliance. If the SSL settings are changed, reset all controllers and the ICPAM appliance. Identiv recommends enabling SSL to ensure secure communications.
e. Eth0: (Required) Enter a static IP address for the Eth0 port. If the appliance is a standalone server, this port is the ICPAM appliance IP address. In a redundant (HA) configuration, the Eth0 port is used for HA communication between the active and standby appliance. The active appliance must have a different Eth0 IP address than the standby appliance.
See Understanding IP Addresses on the ICPAM Server for more information.
§ IP Address: Enter the IP address for the Eth0 port. This address should be on the same subnet as the Shared IP address, and must be different on the active and standby appliances.
§ Subnet Mask: Enter the subnet mask provided by your system administrator.
§ Gateway: (Optional) Enter the gateway provided by your system administrator.
f. Eth1: This port is disabled by default. You can enable and configure the Eth1 port for remote Internet connections to the ICPAM Server Administration utility.
§ Enable Interface: Click the check box to enable or disable the Ethernet interface.
§ DHCP: Click the check box to enable or disable DHCP. When DHCP is enabled, the IP following address fields are inactive since the information is supplied by a DHCP server.
§ IP Address: Enter the IP address for the Eth0 port. If configured, this address must be different on the active and standby appliances.
§ Subnet Mask: Enter the subnet mask provided by your system administrator.
§ Gateway: (Optional) Enter the gateway provided by your system administrator. If a gateway is provided for Eth0, leave this field blank.
g. Select Next to apply the settings and continue.
Tip Either the Eth0, Eth1 or Shared IP address can be used to connect a PC to the ICPAM Server Administration utility over the Internet. Ask your system administrator for the IP address used for this purpose in your system.
Step 5 (Optional) Enter the DNS Settings for the ICPAM appliance. Enter the same settings on the active and standby appliance.
a. Primary DNS: (Optional) Enter the domain name server (DNS) for the ICPAM appliance.
b. Secondary DNS: (Optional) Enter the secondary DNS.
c. Domain: (Optional) Enter the domain name for the appliance.
d. Click Next to apply the settings and continue.
Step 6 (Optional) Specify the SMTP email settings used to send messages from the ICPAM appliance. Enter the same settings on the active and standby appliance.
a. SMTP Server Address: Specify the SMTP server address used to send outgoing messages. Outgoing messages include event and other alarm information.
b. SMTP Email Address from: Specify the Email address that will appear in the From field for messages sent by the ICPAM appliance. This Email address is also the Reply To address.
c. Test: Click the Test button to send a test message and verify the SMTP settings. The test message is sent to the administrator Email address entered in User settings.
d. Click Next to apply the settings and continue.
Step 7 Specify the
Date and Time settings. Enter an initial date and time for the server.
These settings are used by the appliance and the controllers.
Specify the same settings on the active and standby appliance.
e. Date & Time: Click the calendar icon to open a pop-up window and select the current day. The current date and time are inserted from your computer’s date and time settings.
f. Time Zone: Select the time zone where the appliance is installed.
g. NTP enable: Select the check box to enable use of an optional Network Time Protocol server, used to automatically adjust the date and time for the ICPAM appliance.
Note We strongly recommend using NTP to synchronize the ICPAM appliance and gateway clocks to ensure correct event and messaging. See the Changing the NTP Setting for Multiple Gateways for more information.
h. NTP Server Address: If NTP is enabled, enter the NTP server IP address.
i. Click Next to apply the settings and continue.
Step 8 Specify the Event pruning and archiving settings.
· Pruned events are removed from the main events database table and placed in a separate events database, allowing you to reduce the size of the main database while keeping old events accessible on the ICPAM system. Pruned events are not visible in Events & Alarms, but are included in reports. Pruned events are also included in system backups.
· Archived events are removed from all ICPAM database tables and copied to a compressed file. The file includes a password-protected SQL script, and can be run on an offline database to view the purged events. Archived events are not visible in the Events & Alarms listings or Reports, and are not included in system backups. See the Archiving Historical Events for more information.
a. Select the Pruning tab and enter the following settings:
§ Live Events Window (days)—Enter a value between 0 and 500 (inclusive). This is the minimum number of days the events will be available in the live view. The default is 30 days. After the minimum number of days the events will be removed at the next scheduled pruning. For example, enter 30 to keep events in the live view for 30 days. After midnight on day 30, the events are subject to pruning and archiving (depending on the schedule defined in the following steps).
§ The Pruning Hours field is enabled only when you select Daily in Schedule. The default value is one.
§ For other options in the Schedule field, the Pruning Hours field is read-only.
Note • To
ensure that events are regularly pruned, we recommend entering 30 days
or less in the Live Events Window field.
Entering a value greater than 30 can cause an excessive number of event
entries to accumulate in the main database and negatively impact system
performance.
• The
number is rounded to midnight of the last day.
§ Schedule—define the time and frequency when events should be pruned.
– Date—To schedule pruning for one day per month, select Date and then select a day of the month. For example: 15.
– Weekday—To schedule pruning once per week, select Weekday and then select a day of the week. For example: Tuesday.
– Daily—To run pruning every day, select Daily.
– Time—Enter the time in 24 hour format (hh:mm:ss). For example, to run pruning at 2 p.m., enter 14:00:00. To run pruning at 1 a.m., enter 01:00:00.
b. Select the Archive tab and enter the following settings:
Tip The archive settings are required during the initial setup. After the server is up, you can disable auto-archiving if necessary. See the Archiving Historical Events.
• Enter and re-enter the administrator Password. This password is used to restore the archive file.
• Historic Events Window (days)—Enter the number of days that events will be available in the live view. After the minimum number of days the events will be archived to a compressed file. For example, enter 30 to keep events in the live view for 30 days. After midnight on day 30, the events are subject to archiving (depending on the schedule defined in the following steps).
• Enter a Schedule when the historic events will be removed from the pruned database and placed into a compressed archive file (archived files are listed above the entry fields).
– Date—To schedule archiving for one day per month, select Date and then select a day of the month. For example: 15.
– Weekday—To schedule archiving once per week, select Weekday and then select a day of the week. For example: Tuesday.
– Daily—To run archiving every day, select Daily.
– Time—Enter the time in 24 hour format (hh:mm:ss). For example, to run archiving at 2 p.m., enter 14:00:00. To run archiving at 1 a.m., enter 01:00:00.
• (Optional) Select Copy to remote server to automatically copy the archived event files to a remote FTP or SFTP location.
Note Only the three most recent archive files are saved. If you do not save the archive file manually or by copying it to a remote server, then the oldest file will be permanently deleted when the fourth file is created.
– FTP—for standard File Transfer Protocol servers.
– SFTP—for secure file transfers using the Secure File Transfer Protocol (also known as the SSH File Transfer Protocol).
– Address—the IP address or hostname of the remote server.
– Username—the username required to log in to the server.
– Password—the login password for the remote server.
– Path—the directory path where the compressed archive will be copied. The path must exist on the remote server. If the directory is not available, the archive will fail.
c. Click Next to apply the settings and continue.
Tip Pruning and Archiving schedules must not overlap each other.
Step 9 Install the software license.
Note The License option only appears before this copy of ICPAM is registered. Once the license for this software is authenticated, the option no longer appears.
Note Enter all licenses except high availability (HA) on the active appliance. Enter only the HA license on the standby appliance. See Licenses in a Redundant Configuration for more information. See also Licensing: Frequently Asked Questions.
a. Locate the Product Authorization Key included with the ICPAM Manager appliance or purchased separately.
b. In a Web browser, open the Identiv Product License Registration Web page.
http://www.identiv.com/go/license/
c. Follow the onscreen instructions to complete the form and enter the license file. When you are done, a license file with the extension .lic is sent to your email address.
d. Transfer the file to the drive of the PC used for the configuration.
e. In the License screen, click Browse to select the license file located on your local drive. when you select the file, the file name appears in the File field.
f. Select Finish to install the license file on the ICPAM appliance and activate the features.
Step 10 When you click Finish, the initial installation is applied. Click Done when all fields read Done.
Note If any errors occur, the setup returns to Step 2. If a serious error occurs, contact your Identiv support representative for assistance.
Step 11 Create a system backup as described in Backing Up and Restoring Data. You should have at least one backup file to preserve critical system data. You also must have at least one backup to restore the server software using the recovery CD.
Step 12 Disconnect your PC from the Eth0 port and connect the Eth0 port to the IP network.
See also:
Entering the Initial Server Configuration