Oracle Mobile Security Suite (OMSS) securely extends identity services and policies to mobile devices through authentication, policy enforcement, and single sign-on between applications. It delivers a secure container for application security and control in order to separate, protect, and wipe corporate applications and data. OMSS provides a trusted and independent mobile workspace for enterprise applications, email, and data.
I will cover OMSS in more detail in my later blogs.
In this article, I will cover the steps for installation of OMSS on Windows. I will also try to cover steps for Linux in my next blog. Here are the steps:-
1) Download the required software by following the steps below:
a) Navigate to edelivery.oracle.com. After logging in, and accepting the terms and conditions, select Product Pack as Oracle Fusion Middleware and Platform as MS Windows x64 (64-bit).
b) Select Oracle Fusion Middleware Identity Management 11g R2 Media Pack
c) Download Oracle Mobile Security Suite 220.127.116.11.0 Part Number V44428-01
d) Extract V44428-01 file
2) The Servers folder contains the installable binaries. For installation on Windows, OMSS provides a single executable file.
3) Before proceeding with the OMSS installation, make sure the components below are already installed:
- Oracle Database 11g R2
4) Create Users and Groups – For this article, I will not be integrating OMSS with another LDAP directory such as AD or OUD, so all the users and groups are created while installing OMSS.
5) Now, run the setup configuration wizard to install OMSS. Double-click OMSS18.104.22.168.4549 application from OMSS-3.0.1 > Servers > Windows directory and follow the screenshots.
a) On the Select Components screen, click
- Selecting MSAC and MSAS is mandatory. Installing the Notification Server (MSNS) and File Manager (MSFM) is optional, but we will be installing them.
- MSNS and MSFM will be installed on Tomcat as part of the installation process.
- For MSAC, you can either install it on IIS by selecting that option, or un-select that option, in which case it is automatically installed on an Apache server as part of the installation.
- Apache or Tomcat need not be installed, as this would be handled by the installer automatically.
- The supported databases are Oracle database and MySQL database (which comes with the installation). I will be using Oracle Database for this article.
b) On the OMSS Information screen :-
- Verify that the Server Name for the OMSS machine is correct.
- Enter the value for Administrator e-mail.
- Server Name must match the subject name and subject alternative name in the certificate (if a host certificate is used) for this server. You will be using a self-signed certificate. Refer here to create them.
- There are various ways by which the user can be authenticated. In this article, I am using Kerberos PKINIT. Ignore the option chosen in screenshot below. Choose the first one.
c) On the Kerberos Auth Information screen, enter KDC domain name as owad.local. Leave the Proxy Port and Authentication Port as 80 and 443.
d) On the MSFM and/or MSNS Server Information screen, click Next. This screen will be shown if File Manager or Notification Server was chosen earlier as a component to install.
For Mobile Security File Manager, only the ports are required to be configured at installation time. If Mobile Security Notification Server is also chosen, then the additional information shown below must be configured.
Since we have not run the database scripts to create the Notification Server schemas before running this installer, we will not select "MSNS DB Scripts already executed".
e) On MSNS Server Credential Information screen, enter MSNS service username ( MSNS service password.
This is the service account which is created during installation. You can view this account by logging into MSAC under Settings > Notification Settings > MSN Server Setting page. This account is used to communicate with the Notification Server.
f) On MSAC screen, enter Company Name and add Company logo image.
- Do not select LDAP Directory Group Sync. If this is not selected, the MSAC admin can create groups/users, and those are stored in the local database (and not in OUD/AD). If this is selected, OMSS can identify the source of the users/groups in AD/OUD (controlgroup along with helpdeskgroups). These users/groups will be synchronized from AD/OUD into OMSS and will appear within the users/groups tab in MSAC.
- The Master Server is the one where the scheduled tasks that do background database updating are run. You should only run the scheduled tasks on a single server (called the master server).
g) On Oracle Database Information screen, give the DB information.
These tablespaces have to be pre-created in the database. The installer only references the tablespaces by name, so they must exist before you continue the installation process.
On Oracle Database Credential Information screen, enter the DBA User ID and the service account username/password. The DBA credentials are never stored on the file system. They are only used to run the database scripts and assign ownership to the service account specified in this screen.
The Mobile Security Administrative Console uses the service account credentials to connect to the Oracle Database. The DBA SYS account must pre-exist, as the Oracle database is already installed. If you are executing the DB scripts manually prior to running this installer, the DB service account (omss_msac) must be defined prior to running the installer. Otherwise the installer will create this account (omss_msac) using the DBA credentials specified.
All the database schema/table creation is done using the SYS DBA account. The service account (omss_msac) is used by MSAC to access tables under different schemas (lattice, reporting, audit).
Note: Installer will create the database connection account (omss_msac). This is used by MSAC to connect to the database.
Since we created tablespace above, we did not receive a warning, otherwise a warning will be issued.
h) On Mobile Security Administrative Console screen, enter the account name and password which will be used to run MSAC service. Click Next.
This account will be created during installation. Had we integrated with LDAP, we would have given an existing user. I will cover this in another article.
i) Generate a PKCS#12 private key and public certificate file that is suitable for use with HTTPS and FTPS, as well as the server certificate CA trust chain file. You can follow steps here from another blog of mine to do so.
j) Once installation is complete, restart the server. Observe that once restart happens, OMSS service is automatically started.
k) To verify, access the below URL and log in using the admin user created while installing.
l) The Dashboard captures the information on containers, groups, users, catalog and policies.
Observe the logo.
m) The Server settings for the Notification Server can be viewed from the Notifications settings tab.
n) Also verify bmax application.
o) Users and Groups can also be verified. This is the case where LDAP is not integrated with OMSS. I will cover the integration in my next blog.
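A pre-install check for steps b) and i): the script below confirms that the PKCS#12 file carries a private key and that both its subject CN and its subject alternative names cover the Server Name entered in the installer. It is an added example, not part of the original walkthrough or of OMSS; `$PfxPath`, `$ServerName` and `Test-NameMatch` are names chosen here, and the SAN parsing assumes the `DNS Name=` label that English-language Windows prints.

```powershell
# Added example, not from the original post or from Oracle.
# Usage (file name and host are placeholders): .\Check-OmssCert.ps1 -PfxPath .\server.p12 -ServerName omss.example.local
param(
    [Parameter(Mandatory = $true)] [string] $PfxPath,
    [Parameter(Mandatory = $true)] [string] $ServerName
)

function Test-NameMatch([string] $Pattern, [string] $HostName) {
    # Case-insensitive comparison; a leading "*." stands for exactly one left-most label.
    if ($Pattern.StartsWith('*.')) {
        $first, $rest = $HostName -split '\.', 2
        return ([bool]$rest -and (('.' + $rest) -ieq $Pattern.Substring(1)))
    }
    return ($Pattern -ieq $HostName)
}

# .NET resolves relative paths against the process directory, so resolve it first.
$fullPath = (Resolve-Path -LiteralPath $PfxPath).Path
$password = Read-Host -AsSecureString -Prompt 'PKCS#12 password'
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
    -ArgumentList $fullPath, $password

# Subject common name.
$cn = $cert.GetNameInfo(
    [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)

# DNS entries of the subjectAltName extension (OID 2.5.29.17).
$sanNames = @()
$sanExt = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
if ($sanExt) {
    # Assumption: English-language Windows, where Format() prints "DNS Name=<host>" per line.
    $sanNames = @([regex]::Matches($sanExt.Format($true), 'DNS Name=(\S+)') |
        ForEach-Object { $_.Groups[1].Value })
}

$cnOk  = Test-NameMatch $cn $ServerName
$sanOk = [bool]($sanNames | Where-Object { Test-NameMatch $_ $ServerName })

[pscustomobject]@{
    ServerName    = $ServerName
    SubjectCN     = $cn
    SanDnsNames   = $sanNames -join ', '
    CnMatches     = $cnOk
    SanMatches    = $sanOk
    HasPrivateKey = $cert.HasPrivateKey
    NotAfter      = $cert.NotAfter
}

# A non-zero exit code lets a wrapper script stop before the installer is launched.
if (-not ($cnOk -and $sanOk -and $cert.HasPrivateKey)) { exit 1 }
```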
If you encounter any issues or need any help with OMSS or Identity Management, feel free to contact me on Sumit@OraWorld.co.uk