If installing SAP Identity Management (IdM) 8.0 as a distributed system is a challenge, let’s go for it.

In a distributed system, every instance can run on a separate host, thus ensuring scalability of the system and load sharing of the processing.

This blog post will focus on installing IdM Core on one host and IdM Runtime, IdM deployables on AS Java and Virtual Directory Server on a second host. To achieve this, we will use the Software Provisioning Manager (SWPM) 1.0 installation tool (the only available and supported installation option for new IdM installations). The operating system is Windows and the database system - MS SQL Server. For more information about a standard system installation on one host, see How to Install SAP Identity Management 8.0 with Software Provisioning Manager 1.0

Beforehand, we assume that all required prerequisites are fulfilled, as described in the IdM installation guide.

Note that, when an SAP system, such as IdM, is to be distributed across more than one machine, SAP strongly recommends that you perform a domain installation (all machines belong to the same domain) to avoid authorization problems.

Installing IdM Core Component on the First Host

1. Log on to the first installation host using an account with the required user authorization to run the installer. This is the host where IdM Core component is to be installed. It is called SAP Global Host.


2. Start SWPM by executing sapinst.exe from the directory to which you unpacked the latest version of SWPM10SP<Support_Package_Number>_<Version_Number>.SAR file.
   Use Google Chrome.


3. Choose SAP Identity Management 8.0 -> Installation -> Distributed System -> SAP Identity Management Core Component.


4. Run the installation in a Typical mode.


5. Enter the SAP System ID.


6. Enter the master password for all users.


7. Provide the path to all required SAR archives. You can either download them to a local directory before you start the installation or do it right away from the specified locations on the SAP Software Download Center.


8. Choose to upgrade SAP Host Agent and provide the path to it.


9. Select the database system.


10. Enter the database host and port of the server where the IdM database is to run.


11. Enter the credentials for the IdM database.


12. Enter the prefix of the IdM database and the base-qualified name that is used for the IdM packages.


13. Enter the parameters for the IdM database users.
    
    
    
    1. The master password that you provided in Step 6 is populated in the password fields for the IdM database users. You can keep it and proceed further or provide individual passwords.
    
    
    2. Enter the name of the developer administrator user. This is the name of the initial developer administrator that is used to log on to the Identity Management Developer Studio. The initial developer administrator user must be named the same in the database and the UME.
    
    
    
    


14. Select the encryption and hash algorithm.


15. Review your parameters. If you want to change a parameter, select it and choose Revise. Then, choose Next to run the installation.


16. When the message “Execution of Service has been completed successfully.” appears, choose OK and then Exit.

The IdM Core component that contains the IdM database is now installed on the SAP Global host. The global directory usr\sap\<SAPSID>\SYS, which physically exists only once for each SAP system, is created. It has the following subdirectories:

• global - globally shared data
  This is where the Keys.ini file resides. During the installation, SWPM places the Keys.ini file into the /usr/sap/<SAPSID>/SYS/global/security/data directory on the database host, that is the SAP Global host. Then the Keys.ini file is shared with the network share sapmnt and distributed to every IdM Runtime instance.
  Later, whenever you need to specify the path to Keys.ini file, make sure you give the following one: \\<SAPGLOBALHOST>\sapmnt\<SAPSID>\SYS\global\security\data\Key\Keys.ini


• profile - the profiles for all instances


• exe - executable replication directory for all instances and platforms

 

Installing IdM Runtime, Deployable Components and VDS on the Second Host

Installing IdM Runtime

1. Log on to the second installation host using an account with the required user authorization to run the installer.


2. Start SWPM by executing sapinst.exe from the directory to which you unpacked the SWPM archive.
   Use Google Chrome.


3. Choose SAP Identity Management 8.0 -> Installation -> Distributed System -> SAP Identity Management Dispatcher Instance.


4. Run the installation in a Typical mode.


5. Enter the profile directory of your IdM system, where <SAPGLOBALHOST> is the host of the IdM Core installation and <SAPSID> is SAP system ID of IdM.


6. Enter the master password for all users that you have provided when installing IdM Core.


7. Provide the path to all required SAR archives. You can either download them to a local directory before you start the installation or do it right away from the specified locations on the SAP Software Download Center.


8. Choose to upgrade SAP Host Agent and provide the path to it.


9. Enter the instance number that is assigned to the IdM Dispatcher instance or use the one that is set automatically.


10. Browse for the JDBC driver path and enter the JDBC driver class name.


11. Enter the passwords for the <prefix>_admin and <prefix>_rt users.
    Remember the passwords you have provided while installing IdM Core (step 13).
    
    
    
    1. If you have set a master password for all users, provide it here.
    
    
    2. If you have set individual passwords for those users, provide them here.
    
    
    
    


12. Review your parameters and choose Next to run the installation.


13. When the installation completed successfully, choose OK and then Exit.

The IdM Runtime is now installed on the second host.The initial dispatcher is created and set as the default one. All dispatcher settings are defined, including the connection strings to access the IdM database with your <prefix>_admin user and the <prefix>_rt user.

 

Installing Deployable Components on AS Java

1. Log on to the second installation host and start again SWPM.


2. Choose SAP Identity Management 8.0 -> Installation -> Distributed System -> SAP Identity Management Components on SAP NetWeaver AS Java.


3. Run the installation in a Typical mode and then enter the profile directory of your IdM system.


4. Enter the passwords of the OS users.
   This is the master password for all users that you have already provided.


5. Enter the SAP system ID of the SAP NW Java system to be used for IdM deployable components.


6. Confirm or enter your SAP NetWeaver release and Support Package.


7. Enter the credentials of the administrator of the AS Java.


8. Select the IdM components that you want to deploy.


9. Provide the path to all required SAR archives, review your parameters and run the installation.

The IdM deployable components on SAP NetWeaver AS Java are now installed. You can proceed with installing the Identity Management Developer Studio (available as an Eclipse plugin) and the initial configuration of all components, described in the post-installation section.

 

Installing Virtual Directory Server

1. Log on to the second installation host and start again SWPM.


2. Choose SAP Identity Management 8.0 -> Installation -> Additional Components -> SAP Identity Management Virtual Directory Server.


3. Run the installation in a Typical mode and then enter the profile directory of your IdM system.


4. Enter the master password for all users.


5. Provide the path to all required SAR archives.


6. Enter the instance number that is assigned to the VDS instance or use the one that is set automatically.


7. Review your parameters and run the installation.


8. When the installation completed successfully, choose OK and then Exit.

The Virtual Directory server is now installed. You can proceed with starting the VDS and its initial configuration, described in the post-installation section.