3.3 Installing Cloud Bridge Agent Instances

This section provides instructions for installing the Cloud Bridge Agent (CBA) in a new environment. To upgrade an existing CBA environment, see Upgrading Your CBA Environment.

Before you can install the Cloud Bridge Agent, you must have already installed a supported Linux operating system and a Docker or Podman environment on the host server where you plan to install the CBA. For more information, see the following topics:

You can install the Cloud Bridge Agent anywhere on the Docker or Podman host server, but we recommend that you use a standard installation location for each CBA instance. Wherever you install the CBA, the installation script installs an agent directory. The agent directory contains the scripts, the .env file containing the encryption Key and IV values, and additional directories as follows:

  • <CBA_install_dir>/agent/conf contains the bridge-agent.yml and DataCenter.json files

  • <CBA_install_dir>/agent/log holds the rolling log files

  • <CBA_install_dir>/agent/bridgelib holds the connector.jar files

  • <CBA_install_dir>/agent/update contains temporary connector .jar files and pending update actions

  • <CBA_install_dir>/agent/backup holds .jar files for connectors that you have deleted or updated, and .json files containing the history of actions you have performed

3.3.1 Installing Your Primary CBA Instance

You can install a single CBA instance in your environment, but we recommend also installing secondary and backup CBA instances to ensure high availability for your users. Depending on the size of your organization, you might need to set up more than one site. For more information, see Planning for High Availability.

IMPORTANT:Ensure that you download the installation script within the time window that the SaaS operations team specified for your installation. After this time, the script will no longer be available for download and you will have to request another script.

  1. After you receive the CBA download instructions from the SaaS operations team, open a command line and navigate to the folder where you want to install the CBA.

  2. Copy and paste the provided curl command, then press Enter.

    This command downloads and runs the installation script specific to your organization.

  3. At the prompt, specify the desired priority for the CBA instance as follows:

    • If you want the instance to be the Primary instance (the default), enter 0 or just press Enter.

    • Enter 1 for Secondary.

    • Enter 2 for Backup.

    NOTE:If you need to make any changes to your CBA instance or site settings at a later time, you can rerun the installation script. For more information, see Updating High Availability and Other CBA Settings.

  4. At the prompt, specify the desired priority for the CBA site as you did for the CBA instance.

    The installer displays a generated Instance ID for the CBA consisting of the host name and random letters, but you can change this ID to a more meaningful name.

  5. (Optional) Type your desired Instance ID and press Enter to save it.

    The installer then checks whether Docker or Podman is installed and displays the version.

  6. At the prompt, enter the user name for the CBA administrator (cbagent) and set a password.

    You will use these credentials to log in to the CBA console and add credentials for your data source.

    The script then installs the Cloud Bridge Agent. When installation is complete, the CBA comes up and sends a heartbeat to the SaaS operations center.

  7. Log in to Advanced Authentication and perform the following steps:

    1. Configure an external repository to an on-premises LDAP source. For more information, see “Adding a Cloud Bridge External Repository” in the Advanced Authentication SaaS Administration Guide.

      IMPORTANT:If you are setting up a Cloud Bridge external repository in Advanced Authentication for an IGA tenancy, use the format TENANT_ID_AA_ER for the external repository name, where TENANT_ID is in uppercase.

    2. Copy the data source connection credential ID from the Advanced Authentication UI. You will need this credential ID in Cloud Bridge.

  8. (Conditional) If you have Identity Governance as a Service, log in to Identity Governance, configure a data source connection, then copy the unique ID for that connection. For more information, see “Collecting Data Using Cloud Bridge” in the Identity Governance as a Service User and Administration Guide.

  9. (Conditional) If you have other NetIQ SaaS products that you want to use with Cloud Bridge, log in to those products and configure data source connections as described in the documentation for those products.

  10. In a supported browser, go to the Cloud Bridge Agent URL: http://localhost (CBA_IP_address_or_DNS_name):8080.

  11. Log in to the Cloud Bridge Agent console using the bootstrap administrator credentials:

    • User name: cbagent
    • Password: The password that you set when you ran the installation script
  12. (Optional) On the Dashboard tab, verify that the site and instance priorities you set for the CBA during installation are correct.

    NOTE:The Instance Id is the generated identifier or the name that you specified for the current CBA instance.

    The Target Id is the name of the primary CBA instance in a high availability environment. It is the instance with which the Cloud Bridge Client communicates. The Instance Id and the Target Id might be the same if you are currently viewing the primary CBA instance or if you have only one CBA instance in your installation.

  13. Click the Data Source Management tab and add your data source connection credentials. For more information, see Manage Credentials for Data Source Connections.

  14. (Optional) In Advanced Authentication, click the Test button to verify that the data source connection works.

After you have installed your primary CBA instance, consider installing additional CBA instances for high availability. For more information, see Installing Secondary and Backup CBA Instances.

For more information about using Cloud Bridge with other OpenText SaaS products, see the following resources:

3.3.2 Installing Secondary and Backup CBA Instances

After you have installed your primary CBA instance, you can install secondary and backup instances following the same steps that you used for your primary CBA instance. For more information, see Installing Your Primary CBA Instance.

Each instance of the CBA configuration in your high availability environment must use the same encryption IV and key values. Using the same values on all CBA instances ensures that no disruptions will occur during failovers. For more information about encryption keys and IVs, see Understanding Encryption IV and Key Values.

NOTE:If you have a scenario where you need to back up credentials on an existing CBA and plan to reinstall the CBA, you should make note of the original key and IV from the old CBA before you uninstall it. When you import the credentials into the newly installed CBA, you will need to provide the key and IV from the old CBA.

To reuse the encryption key and IV from the first CBA instance:

  1. On your primary CBA instance, locate and open the .env file. Copy the encryption key and IV from this file.

  2. Install your secondary CBA instance.

    The installation script creates the /agent directory on the secondary instance, but the instance has its own encryption key and IV at this point.

  3. On the secondary CBA instance:

    1. Enter the following command to stop the instance:

      sh <CBA_install_dir>/agent/stop.sh
    2. Open the agent/.env file:

      vi <CBA_install_dir>/agent/.env
    3. Replace the KEY and IV entries in the .env file with the KEY and IV values from the primary CBA instance.

  4. Because the second instance created the Docker container on the installation, it must be replaced for the new key and IV to be used. Enter the following commands to replace the pod definition with the updated key and IV properties:

    sh <CBA_install_dir>/agent/remove.sh
    sh <CBA_install_dir>/agent/create.sh
  5. Start the secondary instance back up with the start script:

    sh <CBA_install_dir>/agent/start.sh

    The second instance initializes, and Cloud Bridge recognizes both CBAs as running in a high availability system.

NOTE:If you need to change your CBA instance or site settings at any point, you can rerun the installation script and make updates. For more information, see Updating High Availability and Other CBA Settings.