Installation checklist
The installation checklist provides an overview of the installation process so that you can verify that you are ready to install HCL SafeLinx.
General pre-installation checklist
- Verify that meet the hardware and software requirements for installing HCL SafeLinx. For more information, see the System requirements.
- The host on which you install the SafeLinx Server must be configured as a node on a Internet Protocol network.
- Record contact information and, when possible, login credentials of the administrators of other network resources that you want to integrate into your deployment. For example, obtain information for admins of the following resources: firewalls, network, database servers, directory servers, application servers, certificate managers, and so forth.
- Ensure that ports in the internet-facing and enterprise-facing firewalls are opened to allow communications to and from the SafeLinx Server. For more information, see Firewall ports.
- Define the base DN (Distinguished Name) to use for storing configuration information in persistent storage. You can use the default DN o=local, or specify a different base DN that reflects your organization's structure or policies.
- If you are updating an existing version of the SafeLinx Server, it is best to back up the existing configuration before you begin.
Windows installation and initial configuration checklist
- For persistent storage of session data and configuration data, the SafeLinx Server requires
access to a MariaDB, DB2, MySQL, or SQL server relational database.
For more information about configuring database support, see Completing the initial SQL Server database configuration on Windows, Completing the initial MySQL database configuration on Windows, Completing the initial DB2 database configuration on Windows, or Completing the initial MariaDB database configuration on Windows.
- Download and install the SafeLinx Server. For more information, see Installing the SafeLinx Server.
- If you want to administer the SafeLinx Server from a remote host, download and install the SafeLinx Administrator. When you install the SafeLinx Server on Windows, an instance of SafeLinx Administrator is installed automatically on the same host. If you prefer to run SafeLinx Administrator remotely from another host, you can install other instances separately. For more information, see Installing the SafeLinx Administrator.
- Run the Database configuration wizard.
- Configure secure connections between nodes in the deployment. To secure connections, you must
store certificates in a PKCS12 file on the SafeLinx Server. You use a key file
management tool of your choice such as OpenSSL to manage SafeLinx Administrator
and SafeLinx Server keyfiles. You can set up secure connections between the
following nodes:
- The SafeLinx Administrator and the access manager
- The SafeLinx Server and HTTP application servers on the internal network
- Messaging services on the SafeLinx Server and internal applications that use the Messaging Services and Push APIs
- Among cluster managers
For more information about security options, see Security. For more information about configuring TLS connections, see Securing communications between the SafeLinx Server and other nodes.
- Start the SafeLinx Administrator.
- There is a default login profile, named localhost, that is created during the installation. If you want to set up TLS connections between the SafeLinx Administrator and the access manager, create a secure login profile. For more information, see Adding a secure login profile.
- If you want to use RADIUS servers for third-party authentication, or for accounting and billing, configure the SafeLinx Server to connect to your RADIUS servers. For more information, see Using RADIUS servers.
- Add resources to enable the services that you want to support. If you plan to use mobile access services to support SafeLinx Clients, see the SafeLinx Client documentation.
- Use the SafeLinx Administrator to administer and configure network resources. For more information, see Adding and configuring resources.
Linux installation and initial configuration checklist
- For persistent storage of session data and configuration data, the SafeLinx Server requires
access to a DB2, MySQL, or Oracle relational database.
For more information about configuring relational database support, see Completing the initial DB2 database configuration on Linux, Completing the initial MySQL database configuration on Linux, or Configuring Oracle Database.
- Download, extract, and install the SafeLinx Server. For more information, see Installing the SafeLinx Server.
- Download, extract, and install the SafeLinx Administrator administration tool. SafeLinx Administrator installation is required to configure the SafeLinx Server. For more information, see Installing the SafeLinx Administrator.
- Start the SafeLinx Administrator, create a login profile, and connect to the SafeLinx Server. You can create a secure login profile or a standard login profile. A secure login profile is required if you want to set up TLS connections between the SafeLinx Administrator and the access manager. For more information, see Adding a secure login profile.
- Configure the access manager. For more information, see Configuring the access manager.
- Configure secure connections between nodes in the deployment. To secure
connections, you must store certificates in a PKCS12 file on the SafeLinx
Server. You use a key file management tool of your choice such as OpenSSL to
manage SafeLinx Administrator and SafeLinx Server keyfiles. You can set up
secure connections between the following nodes:
- The SafeLinx Administrator and the access manager
- The SafeLinx Server and HTTP application servers on the internal network
- Messaging services on the SafeLinx Server and internal applications that use the Messaging Services and Push APIs
- Among cluster managers
For more information about security options, see Security. For more information about configuring TLS connections, see Securing communications between the SafeLinx Server and other nodes.
- If you want to use RADIUS servers for third-party authentication, or for accounting and billing, configure the SafeLinx Server to connect to your RADIUS servers. For more information, see Using RADIUS servers.
- Add resources to enable the services that you want to support. If you want to use the mobile access services and SafeLinx Clients, see the SafeLinx Client User's Guide for the operating systems that the clients use.
- Use the SafeLinx Administrator to administer and configure network resources. For more information, see Adding and configuring resources.