The complete instructions to install IBM Security AppScan Enterprise are generated based on the selections that you made on the previous page.
- Option that represents the installation:
  - User Administration for AppScan Source
  - User Administration and Reporting for AppScan Source
  - Reporting component (Importing results from Standard and/or Source) for AppScan Enterprise
  - Reporting component and Dynamic Application Scanner for AppScan Enterprise
  - Dynamic Application Scanner for AppScan Enterprise
  - User Administration, Dynamic Application Scanner and Reporting component for AppScan Enterprise
- Operating system selected:
  - Microsoft Windows Server 2008
  - Microsoft Windows Server 2008 R2
  - Microsoft Windows Server 2012
  - Microsoft Windows Server 2012 R2
  - Red Hat Enterprise Linux Version 6.0, 6.2, 6.3, and 6.4 (for AppScan Source)
- Location of Rational License Key Server:
  - Local (Already installed)
  - Remote (Already installed)
  - Local (To be installed)
  - Remote (To be installed)
- AppScan Source database installed:
- Authentication Method:
  - Windows Authentication
  - LDAP Authentication
- SQL Server Type:
- SQL version:
  - Microsoft SQL Server 2008 Enterprise
  - Microsoft SQL Server 2008 R2 Enterprise
  - Microsoft SQL Server 2012 Enterprise
  - Microsoft SQL Server 2014 Enterprise
  - Microsoft SQL Server 2016 Enterprise
  - Microsoft SQL Server 2008 Standard
  - Microsoft SQL Server 2008 R2 Standard
  - Microsoft SQL Server 2012 Standard
  - Microsoft SQL Server 2014 Standard
  - Microsoft SQL Server 2016 Standard
- Server topology type:
  - Single server install
  - Multiple server install
Complete the planning checklist
Use this planning checklist to ensure that you are ready to install.
Single server installation
Note: The single server installation is a general representation of an evaluation installation. The SQL Server database is installed on a separate server.
Typical installation configuration:
- Server A:
  - Microsoft SQL Server instance
- Server B:
  - AppScan Enterprise Console
  - Rational License Key Server
  - AppScan Enterprise User Administration
  - AppScan Enterprise Dynamic Analysis Scanner
Production topology example with multiple servers (Recommended configuration)
Installing IBM Rational License Key Server on a remote server:
- Log in to the remote server where you plan to install the License Key Server.
- Go to the directory where you downloaded the .zip file (RLKS_V8.1.4_FOR_WINDOWS_ML.zip), extract the contents and run the installer.
- Click Yes when you are asked to install Rational License Key Server.
- In the Rational License Server installer, click Install or Update IBM Rational License Key Server.
- If IBM® Installation Manager is not already installed on your system, it launches for installation purposes. Click Install.
- On the first page of the Install Packages wizard, ensure that the IBM Rational License Key Server check box, and check boxes for all entries beneath it, are selected. Click Next.
- In the Prerequisites page, you are instructed to close all applications and disable anti-virus software. Complete these precautionary tasks and then click Next.
- On the Licenses page, read the license agreement. If you agree to the terms of the license agreement, click I accept the terms in the license agreement and then click Next.
- In the Location page, specify the installation directory and then click Next.
- Complete the Package Group page according to your needs (for example, if you are using Installation Manager for the first time and have no existing package group, leave the default settings as-is). Click Next.
- In the Translation Selection page, select the national languages that you want to install. Click Next.
- On the Features page, ensure that all features are selected and then click Next.
- A summary of what is installed is shown on the Summary page. If you want to change your selections, click Back to return to the previous pages. When you are satisfied with your installation choices, click Install.
- When the installation is complete, click Finish and close IBM Installation Manager.
- Start the IBM Rational License Key Administrator from the Windows Start menu (in the Programs menu, launch).
- When the IBM Rational License Key Administrator starts, you are prompted with the License Key Administrator wizard (if the wizard does not open automatically, select from the main menu). In this wizard, select Import a Rational License File and then click Next.
- In the Import a License File panel, click Browse and then browse to your AppScan Enterprise Server license file. Open the file with the browse dialog box and then click Import.
- After you confirm the license or licenses to import, the Restart License Server dialog box will open. Click Yes to restart the license server. If the License Server service fails to start, open the Windows Services administrative tool. In the tool, locate FLEXlm License Manager and start it.
Dynamic Analysis Scanner Installation steps
AppScan Enterprise Installation steps
Use this procedure to install the agents that are used for scanning and testing your website applications.
Installation steps for AppScan Enterprise
NOTE: IIS will be installed/configured automatically and does not require any action on your part.
- Log in to server: Log in to the server with the service account created above or with an account that has local administrative permissions.
- Log in to server: Log in to the server with the service account created above or with an account that has local administrative permissions and database owner permissions.
- Install/verify IIS is installed and configured correctly: For Microsoft Windows Server 2008, IIS needs to be installed and configured manually. Install IIS 7 as described in Installing IIS 7 on Windows Server 2008. In Step 8 under "Install IIS 7.0 on Windows Server 2008", make sure the following features are selected to install:
  - Common HTTP Features (all components except HTTP Redirection)
  - Application Development (ASP.NET, ISAPI Extensions, ISAPI Filters)
  - Health and Diagnostics (HTTP Logging, Request Monitor)
  - Security (Basic and Windows Authentication)
  - Performance (Static Content Compression)
  - Management Tools (IIS Management console)
  - IIS 6 Management Compatibility (All)
- Run the installer: Go to the directory where you downloaded the executable file (AppScanEnterpriseServerSetup_9.0.3.exe) and double-click the file. Note: It might take a while for the next screen to display.
- Run the installer: IBM Security AppScan Enterprise Dynamic Analysis Scanner V9.0.3 Windows Multilingual (ASE_DASSetup_9.0.3.exe).
- Installing Microsoft .NET 4.6.2 Framework: After running the installer, if Microsoft .NET 4.6.2 is not currently installed, a prompt will appear asking you to install the framework. Select Yes to install because the .NET Framework must be installed for the program to function.
- Installing IBM Rational License Key Server: After running the installer, click Yes when you are asked to install Rational License Key Server and perform the following steps:
  - In the Rational License Server installer, click Install or Update IBM Rational License Key Server.
  - If IBM® Installation Manager is not already installed on your system, it launches for installation purposes. Click Install.
  - On the first page of the Install Packages wizard, ensure that the IBM Rational License Key Server check box, and check boxes for all entries beneath it, are selected. Click Next.
  - In the Prerequisites page, you are instructed to close all applications and disable anti-virus software. Complete these precautionary tasks and then click Next.
  - On the Licenses page, read the license agreement. If you agree to the terms of the license agreement, click I accept the terms in the license agreement and then click Next.
  - In the Location page, specify the installation directory and then click Next.
  - Complete the Package Group page according to your needs (for example, if you are using Installation Manager for the first time and have no existing package group, leave the default settings as-is). Click Next.
  - In the Translation Selection page, select the national languages that you want to install. Click Next.
  - On the Features page, ensure that all features are selected and then click Next.
  - A summary of what is installed is shown on the Summary page. If you want to change your selections, click Back to return to the previous pages. When you are satisfied with your installation choices, click Install.
  - When the installation is complete, click Finish and close IBM Installation Manager.
  - Start the IBM Rational License Key Administrator from the Windows Start menu (in the Programs menu, launch).
  - When the IBM Rational License Key Administrator starts, you are prompted with the License Key Administrator wizard (if the wizard does not open automatically, select from the main menu). In this wizard, select Import a Rational License File and then click Next.
  - In the Import a License File panel, click Browse and then browse to your AppScan Enterprise Server license file. Open the file with the browse dialog box and then click Import.
  - After you confirm the license or licenses to import, the Restart License Server dialog box will open. Click Yes to restart the license server. If the License Server service fails to start, open the Windows Services administrative tool. In the tool, locate FLEXlm License Manager and start it.
- IBM Rational License Key Server - Remote: After running the installer, if the Rational License Key Server is not currently installed locally, a prompt will appear asking you to install the License Key Server. Select No because the license server was installed on a remote server.
- AppScan Enterprise Installer
  - In the Setup wizard Welcome screen, click Next.
  - In the License Agreement window, select the I accept the terms in the license agreement option, and click Next.
  - In the Program Features window, select the Web Services Explore option if web service security scanning will be performed and click Next.
  - In the Destination Folder window, do one of the following actions and click Next:
    - Click Next to accept the default installation location.
    - Click Change to select a different installation location.
  - In the Ready to Install the Program window, click Install to proceed with the installation.
  - On the Setup Wizard Completed screen, click Finish.
Configuration Wizard steps
After you install AppScan Enterprise, you must run the Configuration wizard to configure the installed component.
After you install the Dynamic Analysis Scanner, you must run the Configuration wizard to configure the installed component.
- License Server: In the License Server window, specify the Rational License Server to use for licenses. See License Server.
- Server Components: In the Server Components window, select the components that you want to configure. The components available to you depend on your license. See Server Components. If you are installing the components on one machine, select all the check boxes, even if you have installed one of the components previously.
  - User Administration
  - Enterprise Console
  - Dynamic Analysis Scanner
  - Instance name: Name of IIS instance (Leave this option as default unless there is reason to change the value)
- Service Account: In the Service Account window, enter the Domain/Username Service Account and password, and click Next. See Service Account.
- Database Connection: In the Database Connection window, enter the SQL Server name, port number, and the name of the database you are connecting to. You can click Test Connection to make sure you can connect to the SQL Server. The configuration wizard does not proceed until the connection is successful. When AppScan Enterprise Server creates the database in SQL Server, it automatically configures the collation for it.
  Note:
  - If you are upgrading an existing database from v8.6 or earlier, enter the Database Master Key Password on the next screen to access it. Keep this password in a secure location.
  - If your environment uses a named SQL Server instance for the AppScan Enterprise database or SQL Server Express, make sure that TCP/IP is enabled in the SQL Server configuration manager, and restart the SQL services for SQL Server and SQL Server browser. For example, if you specify the instance name as: SQL Server or Server\Instance name: <sql_server_host>\<sql_server_instance> instead of SQL Server or Server\Instance name: <sql_server_host>.
- Server Certificate: In the Server Certificate window, choose a certificate specific to your organization. This step helps you deploy a secure AppScan Enterprise in your environment.
- Server Keystore: In the Server Keystore screen, select a server keystore to be used by the Enterprise Console. If you exported a .pfx file, select Public key cryptography standards #12 (PKCS #12). Browse to the location where you saved the .pfx file, import it and enter the password you created when you exported the file. Service Keystore.
- Authentication Mechanism: In the Authentication Mechanism window, select an Authentication Mechanism to be used to log in to the Enterprise Console. See Authentication Mechanism.
  - Select 'Authenticate via Windows'
  - Select 'Authenticate via LDAP'
  Note: If you need to authenticate with the Common Access Card (CAC), make sure you choose LDAP as your authentication mechanism. Once AppScan Enterprise is configured, follow the instructions in Authenticating with the Common Access Card (CAC) to authenticate with CAC.
- In the Server Configuration window:
  - Configure the host name and port of the Liberty server for AppScan Server to use. If you are using Windows authentication, prefix the host name with your domain name.
  - While it is not a recommended practice, you can allow SSL connections with invalid or untrusted certificates during scanning. When the option is disabled, messages will appear in the scan log to indicate that the insecure server could not be reached for scanning. This option also affects the Manual Explore functionality.
  - Configure the Advisory services port (installed with the Enterprise Console). This port runs over HTTP and is used by the node.js server to provide advisories and fix recommendations. The advisories appear in the About this Issue page for the application issues, and provide fix recommendations. You can select a different port if 9444 is already used.
- Product Administrator: Enter the username and password for the user that will be the Product Administrator.
- Ensure that nobody is accessing the database, and click Finish in the Specifications Complete window to complete the configuration. This process might take a while.
- Optional: Select the Start the Services check box to automatically start the services.
  Note: If you do not choose to automatically start the agent service, the agents do not pick up any jobs that are created by users. You can manually start the service by using the Administrative tools; see Verifying the agent service and alerting service installation.
Running the Default Settings wizard
This wizard helps you install sample data in by providing defaults for a number of configurable options. You can create users, add security test policies, create scan templates, add pre-created dashboards, and configure defect tracking integration with Rational Quality Manager or Rational Team Concert.
About this task
Ensure that the Launch Default Settings Wizard check box is selected when the Configuration wizard finishes.
Procedure
- In the Welcome page, choose the instance that you want to update, and click Next.
- In the Initialization Type window, select one of the available initializations, and click Next.
- In the Default Setting window, configure the following options and click Next:
  - Instance: Select the instance name for this setup. The Instance that was configured in the Configuration wizard is selected here by default.
  - Contact: The name or a point of contact for the items that are created by the wizard. You can edit these items later if necessary.
  - Root folder name: Enter a name for the default root folder. The default folder acts as the root folder for all other folders you create.
  - Application URL: Enter the URL for the application users to access the application. By default, this URL is the current computer's FQDN (fully qualified domain name) (for example, http://myserver/mydomain/appscan/).
- In the LDAP Settings page, select the Enable LDAP check box if you use an LDAP server.
  - In the Server Name field, enter the LDAP group name.
  - In the Group Query field, enter the path of the group query that is used to retrieve user group information. You can use an LDAP server or an Active Directory server.
  - Optional: If you want to integrate with the LDAP server by using anonymous access, select the Anonymous access check box. This option is disabled by default.
  - Click Test LDAP to confirm the configuration works.
- In the IP Security Permissions page, configure the IP addresses and ranges that are allowed for scanning. Use a dash to define IPv4 ranges (such as 1.2.3.4–); use a prefix to define IPv6 ranges (such as fe80::/10).
- In the Populate Database with Sample Data page, select the Populate Sample Data check box to populate the database with scan templates, pre-created dashboards, server groups, and test policies.
- Click Next. The Default Settings Wizard Progress page opens, displaying the setup's progress.
- When the wizard is complete, the Default Settings Wizard Complete page opens.
- Click Exit to close the wizard.
Optional: Verifying the installation of the Enterprise Console
After the installation process is complete, you can verify
the installation of the Enterprise Console.
- Go to https://localhost/ase/ and log in. The main folder explorer view should be displayed as shown in this screenshot.
Installing the User Component on Linux for AppScan Source
Use these instructions to install the User Administration component to configure AppScan® Source users.
- On the Linux computer, log in with root access privileges.
- Type ls -l AppScanServerSetup_9.0.3.bin. Make sure that you see -rwxrwxr-x in the result listing.
- Run the .bin file. Type ./AppScanServerSetup_9.0.3.bin, and click Enter to start the installer.
- Pick a language for installation and click .
- Accept the terms of the license agreement.
- Choose an installation folder (the default location is /opt/IBM/AppScan_Server).
- Review the installation summary and click Install. The files are copied onto the Linux computer.
- Configure the Liberty Server name, port number (the default is 9443), and the Rational License Server name. Click Next.
- Configure the LDAP settings. Select an LDAP server type. Some of the LDAP configuration fields are pre-populated for you. Check that they are correct for your environment.
  - If your LDAP server supports SSL, select the Connect to LDAP server using SSL check box.
  - Enter the LDAP server host name and port (389 is default), and the Base DN.
  - If you need to be authenticated on the LDAP server, enter the Bind DN and the Bind password. Click Next.
- Configure the product administrator’s user name, and click Next. After the Liberty service is configured, the installation is complete.
Now an AppScan Source administrator can connect to the AppScan Server on Linux to validate and administer their users.
Configuring AppScan Source Database with AppScan Enterprise Console
After you finish configuring AppScan Enterprise, you must run the AppScan Source installer to install and configure your AppScan Source Database.