2.7 Non Windows Agent Requirements and Installations

Complete the following requirements before you install the Linux Agent and join Active Directory:

  • Install the Linux Agent with root (requires administrator password)

  • DNS name servers on the Linux Agent must list the Active Directory DNS servers

  • The Active Directory domain is listed as one of the default search domains

  • Download and install prerequisite Linux packages from respective vendors during or prior to running the Linux Agent installation. For more information, see Additional Linux Requirements.

NOTE:If a prerequisite package check or installation fails, the failure notice will identify any missing prerequisites.

2.7.1 Installing the Universal Policy Administrator Linux Agent

After you download the Universal Policy Administrator Linux Agent installer, unpack the installer for your specific Linux distribution. Following is an example of the files included with the final distribution installer:

  • Package_Name.rpm

  • install.sh

  • uninstall.sh

NOTE:The Universal Policy Administrator Linux Agent installer also installs .Net Core 2.2, that is used during an uninstall.

To install the Universal Policy Administrator Linux Agent on a Linux machine:

  1. Copy the Linux Agent installer UPA_3LinuxAgent.tar.gz file applicable to your distribution onto the Linux machine.

    Installer file

    Linux distribution

    UPA_3LinuxAgent.tar.gz

    • RHEL 7 and 8

    • CentOS 7 and 8

    • Oracle Linux 7 and 8

    • SLES 12 and 15

    • Ubuntu 16

    • Ubuntu 18

  2. On the command line, log in as the root user and type the following command to unpack the applicable installation package: tar xvzf <file name>.

  3. For all distributions except Ubuntu, execute the command again using the file name specific to your platform from the table below.

    For example: tar xvf <file name>

    Installer file

    Linux distribution

    RHEL_CENT_Oracle8.tar

    • RHEL 8

    • CentOS 8

    • Oracle 8

    RHEL_CENT_Oracle7.tar

    • RHEL 7

    • CentOS 7

    • Oracle 7

    Ubuntu18.tar

    Ubuntu 18

    Ubuntu16.tar

    Ubuntu 16

    SLES15.tar

    SLES 15

    SLES12.tar

    SLES 12

  4. Verify all installer files are on the computer with the list command: # ls.

  5. Run the install.sh script file as root to set up the Linux Agent. For example:

    • # ./install.sh

    • #bash install.sh

    Available agent configuration types are:

    • (g) - Join the agent to the Cloud Gateway Only
    • (h) - Join the agent to the Cloud Gateway, and create an AD object for this computer (Hybrid Mode)
    • (n) - Don't join the agent to anything

    Installation time varies depending on your environment and prerequisites that need installation. Warning messages during the installation are informational and do not necessarily require action unless you experience an installation failure.

    IMPORTANT:For SUSE installations, you may receive a confirmation prompt y/n before the installation starts. For SUSE 15 installations, the dotnet-runtime-2.1 installation displays a problem dependency for libicu52-1.

    Enter 2 to ignore the dependency and enter y when prompted to install “NEW packages.”

  6. (Optional) Enter g, h, or n when prompted to join Active Directory.

    NOTE:This step and the following step are optional if you want to join agent configuration type at a later time. For information about joining Agent Configuration Type after installation, see Joining Linux Agent Configuration Type Post Installation.

  7. (Optional) When prompted, provide the full domain name, the AD account with rights to join a domain, and AD account password. For example:

    myCompany.local
administrator
<password>

    NOTE:A fully qualified domain name (FQDN) is only required to join the agent to Active Directory.

During the installation, the Linux Agent is added by default to the Computers OU in Active Directory. After the installation is complete, the Linux Agent service runs on the Linux system, as demonstrated in the following example of an installation on a Red Hat distribution.

NOTE:For information about how to start the Linux Agent Service or verify if it is running, see Linux Agent Commands and Lookups.

Adding a GoDaddy SSL Certificate

To add a GoDaddy SSL certificate, you must download the certificate, copy to the necessary agent machine and manually assign trust to the certificate.

NOTE:The GoDaddy SSL certificate is a prerequisite for Linux Agent installation in Cloud Gateway or Hybrid mode only.

Prerequisite

Download the gdig2.crt.pem certificate from the GoDaddy Repository.

For RHEL 7 or CentOS 7 or Oracle Linux 7:

  1. Copy the gdig2.crt.pem file to /etc/pki/tls/certs.

  2. Type ln -s /etc/pki/tls/certs/gdig2.crt.pem /etc/pki/tls/certs/27eb7704.0 and press Enter.

  3. Type certutil -d sql:/etc/pki/nssdb -A -t "C,C,C" -n "Go Daddy Secure Certificate Authority - G2" -i /etc/pki/tls/certs/gdig2.crt.pem and press Enter.

For RHEL 8 or CentOS 8 or Oracle Linux 8:

  1. Copy the Go Daddy Secure Certificate Authority - G2.pem file to /usr/share/pki/ca-trust-source/anchors.

  2. Type update-ca-trust and press Enter.

For SLES 12 and SLES 15:

  1. Copy the certificate to /etc/pki/trust/anchors/.

  2. Type update-ca-certificates and press Enter.

  3. Restart the agent.

For Ubuntu 16 and 18:

  1. Copy the certificate.pem to /usr/local/share/ca-certificates/certificate.crt.

  2. Type dpkg-reconfigure ca-certificates and press Enter.

2.7.2 Installing the Universal Policy Administrator Mac Agent

The Universal Policy Administrator Mac Agent allows you to manage non-domain joined Mac computers with universal policies configured in the web user interface and installed in Cloud Gateway Only mode or native group policy tools in Hybrid mode.

Ensure the following prerequisites are met before you install the Universal Policy Administrator Mac Agent:

  • macOS 10.13, 10.14 or 10.15 installed and running.

  • Domain Administrator Account.

The Universal Policy Administrator Windows Agent installer also installs Microsoft .NET Framework 4.7.x.

To install the Universal Policy Administrator Mac Agent:

  1. Log in to a non-domain joined Mac computer as a local administrator.

  2. Download the Universal Policy Administrator Mac Agent installer file from the Micro Focus Downloads website and copy onto the non-domain joined Mac computer.

  3. Execute the downloaded UPA_3MacAgent.dmg file.

  4. Click Continue when the Universal Policy Administrator Mac Agent setup wizard opens.

  5. Click Install to begin copying files.

  6. Enter the local macOS password if prompted to start Terminal and proceed with installation.

    NOTE:ASP.NET Core 2.1 is installed as part of the prerequisite check, if not installed already and before the Universal Policy Administrator Mac Agent installation starts.

  7. Choose an agent configuration type. The available options are:

    • (g) - Join the agent to the Cloud Gateway Only
    • (h) - Join the agent to the Cloud Gateway, and create an AD object for this computer (Hybrid Mode)
    • (n) - Don't join the agent to anything

    NOTE:Installation time varies depending on your environment and prerequisites that need installation. Warning messages during the installation are informational and do not necessarily require action unless you experience an installation failure.

  8. Enter g, h, or n.

    NOTE:This step optional if you want to join agent configuration type at a later time.

  9. (Optional) Execute the configure.shfile from the /opt/adb-agent/install directory to choose from agent configuration type options as in the previous step, at a later time.

2.7.3 Joining Linux Agent Configuration Type Post Installation

If you did not join your Linux computer to Active Directory or Cloud Gateway in Gateway Only or Hybrid mode when installing the Universal Policy Administrator Linux Agent, follow these instructions on the Linux Agent at a later time:

  1. Open the Linux Terminal and locate the agent directory. For example:

    cd /opt/adb-agent.

  2. Type respective commands for given agent configuration types:

    • Active Directory: dotnet LinuxJoinAD.dll <full domain name> <AD Admin account name> [distinguished name of the computer OU]

      For example: dotnet LinuxJoinAD.dll myCompany.com administrator.

      NOTE:The Linux server is on a corporate network and you choose to join Active Directory for management with native AD tools and GPOs.

    • Cloud Gateway: dotnet CloudLinuxJoin.dll <gatekeeperServer[:port]> <traversalServer[:port]> <domainUser>

      NOTE:The Linux server is in the cloud (outside the corporate network) and does not have a computer object in Active Directory. You can manage this Linux server only from the Universal Policy Administrator web console using Universal Policies.

    • Hybrid Mode: dotnet CloudLinuxJoin.dll <gatekeeperServer[:port]> <traversalServer[:port]> <domainUser> [-create-ad-object]

      NOTE:The Linux server is in the cloud (outside the corporate network) and will have a computer object in Active Directory linked to the Universal Policy Administrator Secure Gateway. Choose this option to manage your cloud Linux server with native Active Directory tools and GPOs.

  3. Enter the AD account password when prompted.

    NOTE:You can also choose to join a specified OU of Active Directory.