• Find us:
    +1 415 655 1723   |   +91-844-844-8901
  • Free Newsletter

     
     

  • Archive

  • Categories


  • Oracle Mobile Security Suite Installation on Linux

    Posted by "" in "OMSS" on 2014-12-23

    Share on FacebookTweet about this on TwitterShare on Google+Share on LinkedInEmail this to someone

    Overview

    Oracle Mobile Security Suite provides a containerised enterprise workspace on their personal mobile devices from where employees can access the corporate data seamlessly without compromising the user experience. In this post, we will see how we can install the various components of Oracle Mobile Security Suite. To know more about OMSS, you can read my previous post here: http://trainings.k21technologies.com/introduction-to-oracle-mobile-security-suite/

    Download

    Oracle Mobile Security Suite can be downloaded from edelivery.oracle.com website. Follow these steps to download the latest version (as of 18 Dec 2014) OMSS 3.0.1.0.0:

    1. Login to edelivery.oracle.com
    2. Select a Product Pack : Oracle Fusion Middleware and Platform : Linux x86-64. Click on Go.
    3. Click on Oracle Fusion Middleware Identity Management 11g R2 Media Pack 11.1.2.1.0
    4. Download Oracle Mobile Security Suite 3.0.1.0.0
    5. Optionally you can also download Oracle Mobile Security Suite Documentation if you want to dive into the documentation.

    After the download is finished, you will have V44428-01.zip (this would be the same file for Windows and Linux versions)
    Extract the zip file and it will create a folder OMSS-3.0.1. The structure of the folder would be:

    OMSS-3.0.1
    >>Android Client
    >>C14N Client
    >>iOS Client
    >>Servers
    >>>>Linux
    >>>>Windows
    >>Whitepages

    The folder Servers include the installable binaries. For installation on Windows, OMSS provides one single executable file. We will cover the installation on Windows in a separate post.

    OMSS provides a set of RPMs for the installation on Linux. Following components need to be installed separately and in the following order only:
    1. Mobile Security Administrative Console: OMSS-3.0.1/Servers/Linux/MSAC/msac-3.0-1.131.3155.el6.x86_64.rpm
    2. Mobile Security Notification Server: OMSS-3.0.1/Servers/Linux/MSNS/msns-3.0.1.131.4708.el6.x86_64.rpm
    3. Mobile Security File Manager: OMSS-3.0.1/Servers/Linux/MSFM/msfm-3.0.1.131.4708.el6.x86_64.rpm
    4. Mobile Security Access Server: OMSS-3.0.1/Servers/Linux/MSAS/msas-3.0.1.131.4708.el6.x86_64.rpm

    Pre-requisites

    Hardware

    • Oracle Linux 6 Update 1+
    • 4GB memory
    • 2.2GHz processor with 4 cores
    • 30GB Hard drive

    Database

    The supported databases are Oracle database and MySQL database which comes with the installation. If you want to use Oracle database, then you must have a tablespace and a temporary tablespace already created.
    To create the temporary tablespace, use the following commands:

    Login to database as sysdba:
    sqlplus / as sysdba

    CREATE TABLESPACE custom_mobile_tbs LOGGING DATAFILE ‘/app/oracle/oradata/iam/custom_mobile_tbs.dbf’ SIZE 200M
    AUTOEXTEND ON EXTENT MANAGEMENT LOCAL SEGMENT SPACE MANAGEMENT AUTO;

    CREATE TEMPORARY TABLESPACE temp TEMPFILE ‘/app/oracle/oradata/iam/temp_custom_mobile_tbs.dbf’
    SIZE 100M AUTOEXTEND ON NEXT 10M;

    Files

    The server components require a PKCS#12 private key and public certificate file that is suitable for use with HTTPS and FTPS as well as the server certificate CA trust chain file.

    If you don’t have the PKCS#12 file, you can generate one with the following commands with a self-signed certificate.

    • Generate an RSA private key

    sudo openssl genrsa -out k21_key.key 2048

    • Generate a Certificate Signing Request

    sudo openssl req -new -key k21_key.key -out k21_request.csr -config /opt/oracle/omss/msac/conf/openssl.cnf

    • Generate a self signed public certificate

    sudo openssl x509 -req -days 3650 -in k21_request.csr -signkey k21_key.key -out k21_cert.crt

    • Generate a PKCS#12 file

    sudo openssl pkcs12 -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES -export -in k21_cert.crt -inkey k21_key.key -out k21_pkcs12.pfx -name “k21technologies”

    User

    The user which you will be using to install the RPMs must be a sudoer. To add a user in sudoers list, do the following:

    Edit /etc/sudoer file by using the command visudo as root.
    Append the following line in the file to add all users of oracle group in sudoers list:
    %oracle ALL=(ALL) ALL

    Installation

    Dependencies

    The RPM packages for OMSS require several other RPMs which need to be installed prior to the installations. These dependancies can be resolved easily by executing a shell script which comes as part of OMSS. Extract OMSS-3.0.1/Servers/Linux/oel-dependency-install.tar.gz by using the command:
    tar -xvf oel-dependency-install.tar.gz

    Execute the shell script with root user or with sudo:
    sudo oel-dependency-install/dependency-install.sh

    If you are using min Oracle Linux 6, you should not face any problem installing the dependencies. If it fails, then install the missing RPMs manually.

    Mobile Security Administrative Console

    Install the rpm for MSAC using the following command to install Mobile Security Administrative Console:

    cd OMSS-3.0.1/Servers/Linux/MSAC
    sudo rpm –ivh msac-3.0-1.131.3155.el6.x86_64.rpm

    It will install the Mobile Security Administrative Console under /opt/oracle/omss/msac
    The next step is to configure Mobile Securrity Administrative Console. All the configuration attributes are stored in /opt/oracle/omss/msac/templates/vars.conf file.

    Edit the file /opt/oracle/omss/msac/templates/vars.conf as bellows:
    server_name= myserver.k21technologies.com
    server_admin_email= ganesh.kamble@k21technologies.com
    http_port=80
    server_ssl_port=443
    db_name=mysql
    company_name=K21 Technologies
    master_server=yes
    db_created=no
    db_host_name=
    db_port=
    sec_db_host_name=
    sec_db_port=
    odb_service_name=
    dba_user_name=
    dba_pwd=
    acp_app_db_name=lattice
    acp_rep_db_name=reporting
    acp_audit_db_name=audit
    db_service_uid=
    db_service_pwd=
    odb_lat_tspace_name=
    odb_lat_tetspace_name=
    odb_rep_tspace_name=
    odb_rep_tetspace_name=
    odb_aud_tspace_name=
    odb_aud_tetspace_name=
    odb_aapu_tspace_name=
    odb_appu_tetspace_name=
    integrate_msns=yes
    ad_enabled=no
    ldap_type=OUD
    acp_auth_email=ganesh.kamble@k21technologies.com
    acp_auth_passwd=**********
    ecp_auth_email=ganesh.kamble@k21technologies.com
    ecp_auth_passwd=**********
    httpd_user_name=daemon
    httpd_group_name=daemon
    server_cert_p12_file_path=/stage/k21cert/k21_pkcs12.pfx
    server_cert_ca_chain_file_path=/stage/k21cert/k21_cert.crt

     

    Run the configure command to start the configuration of Mobile Security Administrative Console

    sudo /opt/oracle/omss/msac/templates/configure.sh
    You will be prompted to enter the PKCS#12 file password to extract the key and cert.

    This finishes the installation and configuration of Mobile Security Administrative Console.

    Mobile Security Notification Server

    Mobile Security Notification Server requires tomcat container. The tomcat rpm is provided with the installable. Execute the below command to install.
    sudo rpm -ivh OMSS-3.0.1/Servers/Linux/omss-tomcat/omss-tomcat-3.0.1.131.4708.el6.x86_64.rpm

    Next run the following command to install Mobile Security Notification Server RPM and it gets installed in the directory /opt/oracle/omss/msns/

    sudo rpm -ivh OMSS-3.0.1/Servers/Linux/MSNS/msns-3.0.1.131.4708.el6.x86_64.rpm

    Edit the configuration file /opt/oracle/omss/msns/templates/vars.conf as follows:

    server_name=myserver.k21technologies.com
    http_port=8080
    server_ssl_port=8443
    server_cert_p12_file_path=/stage/k21cert/k21_pkcs12.pfx
    server_cert_ca_chain_file_path=/stage/k21cert/k21_cert.crt
    db_name=mysql
    db_created=no
    db_host_name=
    db_port=
    sec_db_host_name=
    sec_db_port=
    odb_service_name=
    dba_user_name=
    dba_pwd=
    msns_db_name=bns
    odb_msns_tspace_name=
    odb_msns_tetspace_name=
    db_service_pwd=
    msns_service_uname:=ganesh.kamble@k21technologies.com
    msns_service_pwd=*********

    Next run the configuration command:

    sudo /opt/oracle/omss/msns/templates/configure.sh

    You will be prompted to enter the PKCS#12 file password to extract the key and cert.

    Mobile Security File Manager

    Install the following RPM to install Mobile Security File Manager. it Will be installed under /opt/oracle/omss/msfm/

    sudo rpm -ivh OMSS-3.0.1/Servers/Linux/MSFM/msfm-3.0.1.131.4708.el6.x86_64.rpm

    Edit the configuration file /opt/oracle/omss/msfm/templates/vars.conf as follows:

    server_name=myserver.k21technologies.com
    http_port=8080
    server_ssl_port=8443
    server_cert_p12_file_path=/stage/k21cert/k21_pkcs12.pfx
    server_cert_ca_chain_file_path=/stage/k21cert/k21_cert.crt

    Again, execute the below command to configure Mobile Security File Manager

    sudo /opt/oracle/omss/msfm/templates/configure.sh
    You will be prompted to enter the PKCS#12 file password to extract the key and cert.

    Mobile Security Access Server

    Following command installs the RPM for Mobile Security Access Server under: /opt/oracle/omss/msas/
    sudo rpm -ivh OMSS-3.0.1/Servers/Linux/MSAS/msas-3.0.1.131.4708.el6.x86_64.rpm

    Edit the configuration file /opt/oracle/omss/msas/templates/vars.conf as follows:

    HTTPD_USER=daemon
    HTTPD_GROUP=daemmon
    PROXY_PORT=80
    AUTH_PORT=443
    BMAX_SERVER_NAME=myserver.k21technologies.com
    SERVER_P12_FILE=/stage/k21cert/k21_pkcs12.pfx
    SERVER_CERTCHAIN_FILE=/stage/k21cert/k21_cert.crt
    LOCAL_ACP=yes
    ECP_SERVICE_URL=htts://myserver.k21technologies.com:443/ecp/ecpservice
    ECP_SERVICE_UID=ganesh.kamble@k21technologies.com
    ECP_SERVICE_PWD=*********
    ENABLE_OAM=yes
    OAM_SERVER_URL=http://myserver.k21technologies.com:14100
    OAM_SERVICE_END_POINT=oauthservice
    OAM_CLIENT_UID=ganesh.kamble@k21technologies.com
    OAM_CLIENT_PWD=**********
    KRB_DOMAIN_NAME_UPPER=
    KRB_DOMAIN_NAME=
    RADIUS_SERVER_INFO=
    BMAX_RADIUS_ENABLED=
    BMAX_RADIUS_DOMAIN_NAME=

    Run the configuration:

    sudo /opt/oracle/omss/msas/templates/configure.sh
    You will be prompted to enter the PKCS#12 file password to extract the key and cert.

    Startup and Shutdown

    Since we have installed the Mobile Security Administrative Console and Access Server on the same machine, we will use the following command to start the servers:
    sudo /usr/sbin/httpd.worker -f /opt/oracle/omss/msas/conf/httpd.conf -k start
    sudo /usr/sbin/httpd.worker -f /opt/oracle/omss/msas/conf/httpd.conf -k stop

    Mobile Security File Manager and Notification Server runs within Tomcat container. Use the following command for start and shutdown:
    sudo /sbin/service omss start
    sudo /sbin/service omss stop

     

    Verify

    You can verify that Oracle Mobile Administrative Console is installed properly by accessing the following URL:
    https://myserver.k21technologies.com:443/acp

    It should throw a login page

    Screen Shot 2014-12-16 at 10.09.56 pm

     

     

    Enter the credentials which you mentioned in the vars.conf during configuration. You should be able to see the following screen:
    Screen Shot 2014-12-16 at 4.18.29 pm

     

    This completes the installation of Oracle Mobile Security Suite on Linux. Leave your comments below if you need more information. Thank you.

     

    Ganesh Kamble works as Oracle Fusion Middleware Consultant and is an Oracle Certified Specialist in Access Management. Having started his career in product development at Oracle, Ganesh got excellent exposure to the middleware technologies during his work in integration of Tier-1 banking product Oracle Banking Platform with Oracle Fusion Middleware products. He was honored with Outstanding Contribution award by Oracle.
    His key areas of interest are Oracle Identity and Access Management, Oracle Service Oriented Architecture and Java with passion for blogging on various encounters with Oracle products. He publishes blogs regularly on http://k21technologies.com/blog/. He can be reached at ganesh.kamble@k21technologies.com and http://twitter.com/ganeshk_8
    Share on FacebookTweet about this on TwitterShare on Google+Share on LinkedInEmail this to someone

    Leave a Reply

    Your email address will not be published. Required fields are marked *



  • K21 Technologies is among the most experienced Oracle Gold Partner for Identity Access Management service providers. We work with application development companies and in-house technology division to help achieve significant returns on their IT security investment. Our clientele includes some of the globally renowned corporate, which speaks of our expertise in our field.

    We have the most talented and experienced team that can swiftly deploy security solutions even in complex IT ecosystem. Our clients highly appreciate our timely implementation, interactive training, on-demand support and community resources.
  • CONTACTS

    K21 Technologies
    128 Uxbridge Road, Hatchend,,
    London, HA5 4DS

    US: +1 415 655 1723
    India: +91-844-844-8901

  • Copyright 2019, K21 Technologies. All rights reserved
  • TOP
    TOP