Deploying IGI Appliance on Linux KVM

By Santosh Ankushkar posted Wed October 16, 2019 01:18 PM

  
By Santosh B Ankushkar and Sachin A Patil

The IGI appliance can be deployed on AWS, Microsoft Azure, and OpenStack. The simplest option, however, is to deploy it on Linux KVM (Kernel-based Virtual Machine). The deployment on Linux KVM can be done manually, or it can be automated using shell scripts. This approach supports all versions of IBM Security Identity Governance and Intelligence 5.2.x.

1 PREREQUISITES ON LINUX OS

Check that virtualization is supported by the hardware running your Linux OS:

grep -E 'svm|vmx' /proc/cpuinfo

This command should generate the following output:

flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf eagerfpu pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch epb intel_pt ssbd ibrs ibpb stibp tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm mpx rdseed adx smap clflushopt xsaveopt xsavec xgetbv1 dtherm arat pln pts hwp hwp_notify hwp_act_window hwp_epp md_clear spec_ctrl intel_stibp flush_l1d

The presence of the vmx (or svm) flag indicates that the current hardware supports virtualization. If you do not get this output, enable virtualization support in the BIOS and then continue with the steps to deploy the IGI appliance on Linux KVM.

To enable KVM support, we need to install the KVM (Kernel-based Virtual Machine) libraries on the Linux OS. Follow the steps below.

This will work on a valid, registered Linux OS.

yum install qemu-kvm qemu-img
yum install virt-manager libvirt libvirt-python python-virtinst libvirt-client

These commands enable KVM creation, and the Linux OS will act as a standalone hypervisor. The packages also provide the user-level KVM emulator and the disk image manager.

Check whether the KVM modules are installed on the Linux OS with the following command:
lsmod | grep kvm
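
The two checks above, plus a test for the /dev/kvm device node, can be combined into one preflight script. This is an added example, not part of the original post; the function names and the shortened sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): KVM host preflight.
# File paths are parameters so the checks can run against sample files.

# Print vmx (Intel VT-x) or svm (AMD-V) if the CPU "flags" line lists it.
# Only the "flags" line is read and each flag is compared as a whole word.
cpu_virt_flag() {
    awk '$1 == "flags" && $2 == ":" {
             for (i = 3; i <= NF; i++)
                 if ($i == "vmx" || $i == "svm") { print $i; found = 1; exit }
         }
         END { exit !found }' "${1:-/proc/cpuinfo}"
}

# Succeed if kvm plus kvm_intel or kvm_amd is loaded (the data lsmod shows).
kvm_modules_loaded() {
    grep -q '^kvm ' "${1:-/proc/modules}" &&
        grep -Eq '^kvm_(intel|amd) ' "${1:-/proc/modules}"
}

# Run all checks; return 0 when ready, else 1, 2 or 3 for the failed step.
preflight() {
    flag=$(cpu_virt_flag "${1:-/proc/cpuinfo}") ||
        { echo "FAIL: no vmx/svm flag, enable virtualization in the BIOS"; return 1; }
    echo "OK: CPU flag $flag"
    kvm_modules_loaded "${2:-/proc/modules}" ||
        { echo "FAIL: kvm modules not loaded"; return 2; }
    echo "OK: kvm modules loaded"
    [ -c "${3:-/dev/kvm}" ] ||
        { echo "FAIL: ${3:-/dev/kvm} is not a character device"; return 3; }
    echo "OK: ${3:-/dev/kvm} present"
}

# Constructed sample inputs (shortened) so the example runs on any machine.
sample=$(mktemp -d)
printf 'flags\t\t: fpu vme nx lm vmx smx ept\n' > "$sample/cpu_ok"
printf 'flags\t\t: fpu vme nx lm hypervisor\n' > "$sample/cpu_bad"
printf 'kvm_intel 245760 0 - Live 0x0\nkvm 655360 1 kvm_intel, Live 0x0\n' > "$sample/mods"

# /dev/null stands in for /dev/kvm in this demonstration.
preflight "$sample/cpu_ok" "$sample/mods" /dev/null
preflight "$sample/cpu_bad" "$sample/mods" /dev/null || echo "exit code $?"
```

Called with no arguments, `preflight` reads the real /proc/cpuinfo, /proc/modules and /dev/kvm on the host.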


2 VA DEPLOYMENT

Let’s see how the IGI appliance can be deployed on Linux KVM with the following steps.

Run the command:
virt-manager

This command opens Virtual Machine Manager. Click the Create New Virtual Machine icon in the UI.

Keep the default ISO image option selected and click the Forward button. Select the IGI 5.2.5 Appliance ISO, then click the Forward button.

Specify the number of CPUs and the RAM as recommended by the IGI 5.2.5 release.

Click the Forward button. Specify the hard disk size recommended by the IGI 5.2.5 release and click the Forward button.

Provide a name for the KVM instance, select the Customize configuration before install check box, and click the Finish button.

Before starting the installation of the ISO, select CPU from the left side of the KVM configuration panel. Select Clean CPU configuration.

Click Apply.

You need to enable a virtual network bridge to make the appliance accessible on the lab network or to assign it a specific IP address.

Add the number of network cards recommended by the IGI 5.2.5 release and click Begin Installation.
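
For scripted deployments, the wizard choices above map onto a single virt-install command (added example, not from the original post). The instance name, ISO path, bridge name and all sizing values are placeholders; take the real CPU, RAM, disk and NIC figures from the IGI release documentation.

```shell
#!/bin/sh
# Added example (not from the original post): the wizard choices as one
# virt-install command. Every default below is a placeholder.
VM_NAME=${VM_NAME:-igi-va}                             # hypothetical instance name
ISO=${ISO:-/var/lib/libvirt/images/igi-appliance.iso}  # hypothetical ISO path
VCPUS=${VCPUS:-4} RAM_MB=${RAM_MB:-16384} DISK_GB=${DISK_GB:-100}  # placeholders
BRIDGE=${BRIDGE:-br0}                                  # hypothetical host bridge
NICS=${NICS:-1}                                        # placeholder NIC count

# Mode "print" lists the command, one argument per line; "run" executes it.
# Sizing must be numeric and names are limited to a conservative character set.
igi_virt_install() {
    mode=${1:-print}
    for n in "$VCPUS" "$RAM_MB" "$DISK_GB" "$NICS"; do
        case $n in
            ''|*[!0-9]*) echo "not a number: $n" >&2; return 1 ;;
        esac
    done
    case $VM_NAME$BRIDGE in
        *[!A-Za-z0-9._-]*) echo "bad instance or bridge name" >&2; return 1 ;;
    esac
    set -- virt-install --name "$VM_NAME" --vcpus "$VCPUS" --memory "$RAM_MB" \
        --disk "size=$DISK_GB" --cdrom "$ISO" --os-variant generic --noautoconsole
    # One --network option per network card, all attached to the host bridge.
    i=0
    while [ "$i" -lt "$NICS" ]; do
        set -- "$@" --network "bridge=$BRIDGE"
        i=$((i + 1))
    done
    if [ "$mode" = run ]; then "$@"; else printf '%s\n' "$@"; fi
}

# Print only; call "igi_virt_install run" on the KVM host to create the VM.
igi_virt_install print
```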

3 VA ACTIVATION

Follow the steps below to complete the first steps.

Select the language, type yes to proceed, and press the Enter key.

Press Enter after the ISO installation is complete.

Follow the documented steps to complete the first steps:
https://www.ibm.com/support/knowledgecenter/en/SSGHJR_5.2.5/com.ibm.igi.doc/installing/tsk/t_configuring_initial_VAsettings.html

Change the appliance password, set the hostname, and configure the interface M.1. If you have configured the virtual bridge for KVM, you can assign the IP address and subnet from the CLI. Otherwise, select automatic configuration.

Set the DNS server and set the required time zone.

Note the host name configuration shown on the summary page.

Select option 1 and press the Enter key.

Log in from the CLI as admin with the newly configured password.

Run the following command:
management interfaces show

Update the /etc/hosts file on the KVM host machine with the IPv4 address and the hostname given to the appliance. We do this because we used automatic IPv4 configuration, which assigns a random IP address.

Open the appliance login page in the browser and log in with admin and the password. Activate your appliance by configuring the mail server and the Postgres database. After activation, you can explore IGI.

https://igiappliance:9443/login

Author email id : sankushk@in.ibm.com, sachapat@in.ibm.com