Cisco Pulse Administrator Guide, Release 1.0.5 - Installing Cisco Pulse Application Software [Cisco Pulse]

Table Of Contents

Installing Cisco Pulse Application Software

Task Workflow for the Pulse Appliances

Installing the Application Software

Installing Application Software on a Pulse Collect Appliance

Installing Application Software on a CD

Installing Downloaded Application Software

Installing Application Software on a Pulse Connect Appliance

Installing Application Software on a CD

Installing Downloaded Application Software

Generating a Certificate for the Web Server

Starting the Application on a Pulse Collect Appliance

Starting the Application on a Pulse Connect Appliance

Where to Go Next

Upgrading Cisco Pulse Application Software

Installing Cisco Pulse Application Software

Note This information is intended for the system administrator who is responsible for installing the application software on each Pulse Appliance.

This topic consists of this information:

•Task Workflow for the Pulse Appliances

•Installing the Application Software

•Generating a Certificate for the Web Server

•Starting the Application on a Pulse Collect Appliance

•Where to Go Next

•Upgrading Cisco Pulse Application Software

Task Workflow for the Pulse Appliances

Table 4-1 outlines the tasks that you must perform for each Pulse Appliance and where you can find information to help you perform each task.

Table 4-1 Workflow for Pulse Appliance

Pulse Appliance

Tasks You Must Perform

Where to Find Information

Pulse Collect Appliances

Install the application software.

Installing Application Software on a Pulse Collect Appliance

Start the application.

Starting the Application on a Pulse Collect Appliance

Pulse Connect Appliance

Install the application software.

Installing Application Software on a Pulse Connect Appliance

Generate a certificate for the web server that hosts Cisco Pulse.

Generating a Certificate for the Web Server

Start the application.

Starting the Application on a Pulse Connect Appliance

Installing the Application Software

Each Pulse Appliance ships with a CD that includes the application software that you ordered. These Cisco part numbers identify each CD:

•For the Pulse Collect application software: 80-9525-01 or 80-9553-01

•For the Pulse Connect application software: 80-9524-01

Each CD generally includes application software for major releases, for example, release 1.0. Before installing this software version, you must check on Cisco.com to determine if a later software version exists.

Note For the Cisco.com location at which you can check for the latest application software, see the latest Cisco Pulse release notes.

If a later version of software exists on Cisco.com, download and install that version instead of the version on the CD.

If you install the application software on the CD, you must be in the same physical location as the Pulse Appliances and establish a console port session with each appliance.

If you download a later version of software from Cisco.com, you can perform the installation using a Secure Shell (SSH) session between a UNIX- or Microsoft Windows-based management station and each appliance. If your management station runs Microsoft Windows, you must run an SSH client.

You must log into each appliance using the system administrator username and password, then the root password. (If you do not already have this login information, you can get it from the network administrator.)

Note As a security measure, you cannot log into the Pulse Appliances directly as root. You must first log into the appliances using the system administrator username and password, then the root password.

These topics provide details about installing the application software on each appliance from the CD or Cisco.com:

•Installing Application Software on a Pulse Collect Appliance

•Installing Application Software on a Pulse Connect Appliance

Installing Application Software on a Pulse Collect Appliance

The application installation process that you perform depends on the source of your application software: the CD or a later version of software that you download from Cisco.com.

Regardless of the application software source, you use a utility to install the application software on a Pulse Collect Appliance. During the installation, you create a management service username and password, which enables the Pulse Collect and Connect Appliances to communicate over HTTPS to authenticate each other.

Note All Pulse Appliances must have the same management service username and password.

If you want to update this username and password later, you can do so using the passwd_mgmtsvc utility. For more information on this utility, see Changing the Management Service Username and Password, page 9-5.

The installation process typically takes a few minutes.

Before You Begin

•Check on Cisco.com to determine if a later application software version exists for the Pulse Collect Appliance. For more information on checking for the latest version of application software, see the release notes for the latest Cisco Pulse software release. If a later version exists, download that version and install it as described in the "Installing Downloaded Application Software" section.

Note For the Cisco.com location at which you can check for the latest application software, see the latest Cisco Pulse release notes.

•If you plan to install the application software version on the CD (Cisco part number 80-9525-01 or 80-9553-01), you must be in the same physical location as the Pulse Collect Appliance. For more information, see the "Installing Application Software on a CD" section.

•You need this information from the network administrator to install the application software on a Pulse Collect Appliance:

–System administrator username and password

–Root password

–IP address

Related Topics

•Installing Application Software on a Pulse Connect Appliance

Installing Application Software on a CD

To perform this procedure, you must be in the same physical location as the Pulse Collect Appliance.

Procedure

To install the application software on the CD that shipped with the Pulse Collect Appliance, perform these steps.

Step 1 Establish a console port session with the Pulse Collect Appliance.

Step 2 Log in as the system administrator, and when prompted, enter the system administrator password provided by the network administrator.

Step 3 Log into the Pulse Collect Appliance as root using this command syntax:

su -

Step 4 When prompted, enter the root password provided by the network administrator.

Step 5 Insert the CD into the CD drive of the Pulse Collect Appliance.

Step 6 From any location, invoke the utility that installs the application software using this command syntax:

install_collect_software-version.sh dvd

where:

software-version = "rm" for the rich-media version.

dvd = Specifies the binary file on the CD.

For example, if you have the text-only version of the application software, enter this command:

install_collect_rm.sh dvd

Step 7 When prompted, specify the management service username and password.

Step 8 Repeat Step 1 through Step 7 for each additional Pulse Collect Appliance in your Pulse topology.

Related Topics

•Installing Downloaded Application Software

Installing Downloaded Application Software

You can perform this installation using a Secure Shell (SSH) session between a UNIX- or Microsoft Windows-based management station and the Pulse Collect Appliance. If your management station runs Microsoft Windows, you must run an SSH client.

Procedure

To install application software downloaded from Cisco.com on the Pulse Collect Appliance, perform these steps.

Note For the sake of providing a sample scenario, this procedure assumes an SSH session established from a UNIX management station.

Step 1 Initiate an SSH session from a management station to the Pulse Collect Appliance using this command syntax:

ssh username@ip-or-host address

or

ssh ip-or-host address -l username

where:

username = System administrator username

ip-or-host address = IP address or host name of the Pulse Collect Appliance

For example:

ssh admin@10.1.0.11

or

ssh 10.1.0.11 -l admin

Step 2 When prompted, enter the system administrator password provided by the network administrator.

Step 3 Log into the Pulse Connect Appliance as root by entering this command:

[admin@mylocalhost ~]$ su -

Step 4 When prompted, enter the root password provided by the network administrator.

Step 5 Create a directory in which to place the downloaded binary file on the Pulse Collect Appliance.

Note For this and future downloads of application software from Cisco.com, we strongly recommend creating a separate directory for each major and minor release of application software.

For example:

mkdir /partB/version1_0_5

Step 6 Copy the binary file from your management station to the Pulse Collect Appliance using this command syntax or an equivalent command that performs the same function:

scp binary-name username@ip-or-host address:/binary-pathname

where:

binary-name = Binary filename

/directory-pathname = Pathname of the directory that you created for the binary file

For example:

scp collect-binary admin@10.1.0.11:/partB/version1_0_5

Step 7 From any location, invoke the utility that installs the application software using this command syntax:

install_collect_software-version.sh /directory-pathname

where:

software-version = "rm" for the rich-media version.

/directory-pathname = Specifies the directory that includes the downloaded binary file.

For example, if you have the rich-media version of the application software, and the binary file is located in the /partB/version1_0_5 folder, enter this command:

install_collect_rm.sh /partB/version1_0_5

Step 8 When prompted, specify the management service username and password.

Step 9 Repeat Step 1 through Step 8 for each additional Pulse Collect Appliance in your Pulse topology.

Related Topics

•Installing Application Software on a CD

Installing Application Software on a Pulse Connect Appliance

The application installation process that you perform depends on the source of your application software: the CD or a later version of software that you download from Cisco.com.

Regardless of the application software source, you use a utility to install the application software on a Pulse Connect Appliance. During the installation, you create these items:

•A management service username and password. This login information enables the Pulse Collect and Connect Appliances to communicate over HTTPS to authenticate each other.

Note All Pulse Appliances must have the same management service username and password.

If you want to update this username and password later, you can do so using the passwd_mgmtsvc utility. For more information on this utility, see Changing the Management Service Username and Password, page 9-5.

•An ncpadmin password. The ncpadmin account allows the system administrator to access the Administration and Vocabulary tabs. The content of these tabs enables you to initially configure Cisco Pulse and upload the Pulse Vocabulary, which are both critical tasks that you must perform to get Cisco Pulse up and running.

Note If you want to update the ncpadmin password later, you can do so using the passwd_ncpadmin utility. For more information on this utility, see Changing the ncpadmin Password, page 9-7.

Before You Begin

•Check on Cisco.com to determine if a later application software version exists for the Pulse Connect Appliance. For more information on checking for the latest version of application software, see the release notes for the latest Cisco Pulse software release. If a later version exists, download that version and install it as described the "Installing Downloaded Application Software" section.

Note For the Cisco.com location at which you can check for the latest application software, see the latest Cisco Pulse release notes.

•If you plan to install the application software version on the CD (Cisco part number 80-9524-01), you must be in the same physical location as the Pulse Connect Appliance. For more information, see the "Installing Application Software on a CD" section.

•You need this information from the network administrator for the Pulse Connect Appliance:

–System administrator username and password

–Root password

–IP address

Related Topics

•Installing Application Software on a Pulse Collect Appliance

Installing Application Software on a CD

To perform this procedure, you must be in the same physical location as the Pulse Connect Appliance.

Procedure

To install the application software on the CD that shipped with the Pulse Connect Appliance, perform these steps.

Step 1 Establish a console port session with the Pulse Connect Appliance.

Step 2 Log in as the system administrator, and when prompted, enter the system administrator password provided by the network administrator.

Step 3 Log into the Pulse Connect Appliance as root using this command syntax:

su -

Step 4 When prompted, enter the root password provided by the network administrator.

Step 5 Insert the CD into the CD drive of the Pulse Connect Appliance.

Step 6 From any location, invoke the utility that installs the application software by entering this command:

install_connect.sh dvd

Step 7 When prompted, specify the management service username and password.

Step 8 When prompted, specify a password for the ncpadmin user account.

Step 9 After the utility completes its tasks, you must generate a certificate for the web server that hosts Cisco Pulse.

For more information, see the "Generating a Certificate for the Web Server" section.

Related Topics

•Installing Downloaded Application Software

Installing Downloaded Application Software

You can perform this installation using a Secure Shell (SSH) session between a UNIX- or Microsoft Windows-based management station and the Pulse Connect Appliance. If your management station runs Microsoft Windows, you must run an SSH client.

Procedure

To install application software downloaded from Cisco.com on the Pulse Connect Appliance, perform these steps.

Note For the sake of providing a sample scenario, this procedure assumes an SSH session established from a UNIX management station.

Step 1 Initiate an SSH session from a management station to the Pulse Connect Appliance using this command syntax:

ssh username@ip-or-host address

or

ssh ip-or-host address -l username

where:

username = System administrator username

ip-or-host address = IP address or host name of the Pulse Connect Appliance

For example:

ssh admin@10.1.0.11

or

ssh 10.1.0.11 -l admin

Step 2 When prompted, enter the system administrator password provided by the network administrator.

Step 3 Log into the Pulse Connect Appliance as root by entering this command:

[admin@mylocalhost ~]$ su -

Step 4 When prompted, enter the root password provided by the network administrator.

Step 5 Create a directory in which to place the binary file on the Pulse Connect Appliance.

Note For this and future downloads of application software from Cisco.com, we strongly recommend creating a separate directory for each major and minor release of application software.

For example:

mkdir /partB/version1_0_5

Step 6 Copy the binary file from your management station to the Pulse Connect Appliance using this command syntax or an equivalent command that performs the same function:

scp binary-name username@ip-or-host address:/binary-pathname

where:

binary-name = Binary filename

/directory-pathname = Pathname of the directory that you created for the binary file

For example:

scp connect-binary admin@10.1.0.11:/partB/version1_0_5

Step 7 From any location, invoke the utility that installs the application software using this command syntax:

install_connect.sh /directory-pathname

where:

/directory-pathname = The directory that includes the downloaded binary file

For example, if the directory pathname is /partB/version1_0_5, enter this command:

install_connect.sh /partB/version1_0_5

Step 8 When prompted, specify the management service username and password.

Step 9 When prompted, specify a password for the ncpadmin user account.

Step 10 After the utility completes its tasks, you must generate a certificate for the web server that hosts Cisco Pulse.

For more information, see the "Generating a Certificate for the Web Server" section.

Related Topics

•Installing Application Software on a CD

Generating a Certificate for the Web Server

After installing the application software on a Pulse Connect Appliance, you must generate a trusted Secure Sockets Layer (SSL) certificate for the web server that hosts Cisco Pulse. This certificate ensures the secure transmission of data between the web server and its clients.

A default Java keystore file named pulse.jks exists in the /opt/cisco/tomcat/conf directory. This topic instructs you to create a backup of this file and place it elsewhere, delete the pulse.jks file in /opt/cisco/tomcat/conf, and finally, generate a new pulse.jks file in the same directory. The new pulse.jks file is a container that houses the certificate.

To generate the certificate, you can establish a console port session with the Pulse Connect Appliance, or a Secure Shell (SSH) session between a UNIX- or Microsoft Windows-based management station and the Pulse Connect Appliance. If your management station runs Microsoft Windows, you must run an SSH client.

You must log into the Pulse Connect Appliance using the system administrator username and password, then the root password. (If you do not already have this login information, you can get it from the network administrator.)

Note As a security measure, you cannot log into the Pulse Appliances directly as root. You must first log into the appliances using the system administrator username and password, then the root password.

Before You Begin

•If you do not have one already, decide to which certificate authority (CA) you will submit a certificate signing request (CSR) file for signing.

•For the sake of providing a sample scenario, this procedure assumes your CA provides a chain of certificates. However, if your CA provides a different response, for example, a root or intermediate certificate, we recommend that you work with your CA or IT department to determine how to best include the response in your keystore file.

Procedure

To generate a trusted SSL certificate for the web server:

Step 1 If you are already logged into the Pulse Connect Appliance, you can skip Step 2 through Step 5. If you are not yet logged into the Pulse Connect Appliance, start with Step 2.

Step 2 Initiate an SSH session from a management station to the Pulse Connect Appliance using this command syntax:

ssh username@ip-or-host address

or

ssh ip-or-host address -l username

where:

username = System administrator username

ip-or-host address = IP address or host name of the Pulse Connect Appliance

For example:
ssh admin@10.1.0.11
or
ssh 10.1.0.11 -l admin
Step 3 When prompted, enter the system administrator password provided by the network administrator.

Step 4 Log into the Pulse Connect Appliance as root by entering this command:
[admin@mylocalhost ~]$ su -
Step 5 When prompted, enter the root password provided by the network administrator.

Step 6 Change directories to the /opt/cisco/tomcat/conf directory by entering this command:
# cd /opt/cisco/tomcat/conf
Step 7 Create a backup of the pulse.jks file, and place the backup in a location of your choice.

The pulse.jks file is a default Java keystore file that resides in the /opt/cisco/tomcat/conf directory.

Step 8 Delete the existing pulse.jks file from this directory.

Note Deleting the existing pulse.jks file is important because in the next step you will create a new file with the same name, and two files with the same name cannot exist in the same directory.

Step 9 Generate a new Java keystore file, pulse.jks, using this command syntax:

/usr/java/jre1.6.0_06/bin/keytool -genkey -alias tomcat -keyalg RSA -keypass keypass -validity 3650 -keystore pulse.jks

where:

keypass = A password that you specify.

For example:
/usr/java/jre1.6.0_06/bin/keytool -genkey -alias tomcat -keyalg RSA -keypass mykeypass 
-validity 3650 -keystore pulse.jks
After you enter this command, you are prompted to enter a keystore password.

Step 10 Enter a keystore password.

Note The keystore password that you enter must match the -keypass keypass attribute that you specified in Step 9.

Step 11 When prompted for the name, enter the Pulse Connect Appliance host name.

For example:
cisco-pulse.mycompany.com
Step 12 Generate a CSR file for the keystore file using this command syntax:

/usr/java/jre1.6.0_06/bin/keytool -certreq -alias tomcat -file csr-filename.csr -keypass keypass -keystore pulse.jks

where:

csr-filename = The name of your CSR file.

keypass = The same password you specified in Step 9 and Step 10.

For example:
/usr/java/jre1.6.0_06/bin/keytool -certreq -alias tomcat -file mycsrfile.csr -keypass 
mykeypass -keystore pulse.jks
Step 13 Have your CA sign the CSR file.

Step 14 Put the CA response, for example, a chain of certificates, in a file, removing any extra lines that are not part of the certificate, and save the file.

A sample filename is cisco-pulse.mycompany.com_stackedChain.pem.

Step 15 Import the certificate chain into the keystore file using this command syntax:

/usr/java/jre1.6.0_06/bin/keytool -import -alias tomcat -keystore pulse.jks -file mycert-chain-filename.extension

where:

mycert-chain-filename.extension = The name of your certificate chain file, including the three-letter filename extension.

For example:
/usr/java/jre1.6.0_06/bin/keytool -import -alias tomcat -keystore pulse.jks -file 
cisco-pulse.mycompany.com_stackedChain.pem
Step 16 Make these edits to the /opt/cisco/tomcat/conf/server.xml file:

Change line 83 from

keystoreFile="conf/pulse.jks"

to

keypass="keypass" keystoreFile="conf/pulse.jks"

where:

keypass = The same password you specified in Step 9, Step 10, and Step 12.

Starting the Application on a Pulse Collect Appliance

After installing the application software on the Pulse Collect Appliances, you must start the application.

Procedure

To start the application on a Pulse Collect Appliance:

Step 1 Enter this command:

# service collect start

Starting the Application on a Pulse Connect Appliance

After installing the application software on the Pulse Connect Appliance, you must start the application.

Procedure

To start the application on a Pulse Connect Appliance:

Step 1 Enter this command:

# service connect start

Where to Go Next

After you install the application software and start up each Pulse Appliance, you must perform these tasks:

•Set up the licensing for Cisco Pulse. For more information, see Chapter 5, "Installing the Cisco Pulse Software License."

•Initially configure Cisco Pulse using the Administration setup wizard. For more information, see "Accessing the Administration Setup Wizard" section on page 6-3.

Upgrading Cisco Pulse Application Software

For information on upgrading the Cisco Pulse application software on your Pulse Appliances, see the release notes for the latest Cisco Pulse software release.