Steel Belted Radius Carrier 7.0 Installation Guide > Steel-Belted Radius Carrier Installation Overview > Installation Checklists

Installation Checklists

This section includes installation checklists for different types of installations:

• New Release 7.0 Installation. This checklist records the steps for a new installation. It includes all possible options. If your install uses fewer options, some steps may be omitted.
• SIM Server 5.4 Migration Checklist. This checklist calls out steps for existing SIM Server migration to the Release 7.0 platform.
• Release 6.x Migration Checklist. This checklist calls out steps for existing Release 6.0 and 6.1 migration to the Release 7.0 platform.

New Release 7.0 Installation

This set of procedures installs a new, unconfigured Steel-Belted Radius Carrier Release 7.0 build on a Solaris 10 platform. It includes all possible options that can be included in the Steel-Belted Radius Carrier installation.

Before You Begin

Before you begin to install the Steel-Belted Radius Carrier software, perform these preliminary tasks or verify that they have been accomplished:

1. Review the Steel-Belted Radius Carrier Release Notes for up-to-date information that became available after the Steel-Belted Radius Carrier guides were published.

Download the most recent Release Notes file from:
http://www.juniper.net/techpubs/software/aaa_802/sbrc/sbrc70/bookpdfs/sw-sbrc-rn700.pdf

If the information in the Release Notes differs from the information in any Steel-Belted Radius Carrier guide, follow the Release Notes.

2. Ensure that the server chassis is physically secure.

To review recommendations on the server's characteristics, see Selecting an Appropriate Server.

3. Confirm that the server chassis provides at least the minimum hardware and software requirements.

See Meeting System Requirements.

4. Verify root access.
5. Verify that the server meets basic network requirements:

• See Verifying Network Connectivity25
• See Verifying Host Name Resolution25

6. Verify the server role in the authentication environment. The installation script can configure a Steel-Belted Radius Carrier server as:

• A stand-alone server.
• The primary server in a group made up of replication servers.
• A replication server.
  In an environment that uses replication servers, the primary server must be configured first to provide a base for replication.

LDAP

7. (Optional) If the server will interact with a Lightweight Directory Access Protocol (LDAP) directory service agent, verify or record the path to the LDAP library files (The default path is /usr/lib.)        

SQL

8. (Optional) If the Steel-Belted Radius Carrier server will use an external database, you need to:

• Verify database compatibility and interoperability.

See Setting Up External Database Connectivity.

ORACLE

• If the external database is Oracle, the Steel-Belted Radius Carrier server must be configured as a client of the Oracle server.

As you set up the client, collect this information, or if the client is already installed, record this information to use while installing SBR software:

• Record the path to the local Oracle Home directory (for example: /opt/10g/app/oracle/product/10.2.0.3).
• Record the path to the local Oracle shared library (for example: /opt/10g/app/oracle/product/10.2.0.3/lib32)
• Record the path to the local TNS_ADMIN (for example: /opt/10g/app/oracle/product/10.2.0.3/network/admin)

SS7

9. (Optional) Install a compatible SS7 interface board.

See Installing Signalware and SS7 Interfaces for a list of supported boards, and the documentation that comes with the board for installation instructions.

SIM / WiMAX / SS7

10. (Optional) Install and configure Signalware 9 with Service Pack 5T software, following the product documentation.

• See Chapter 6, Installing Signalware 9, to see an example of a Signalware 9 installation.
• See Chapter 7, Configuring SS7/IP Network Communication Files, for information on editing Signalware configuration files.

RSA

11. (Optional) If the Steel-Belted Radius Carrier server will interact with an RSA authorization server, the Steel-Belted Radius Carrier server must be set up as an RSA client. Follow the RSA product documentation for the procedure.

The Steel-Belted Radius Carrier server should receive a copy of several files from the RSA server. See Setting Up RSA Authorization Client24 for Steel-Belted Radius Carrier requirements and the list of required files.

12. Verify that Steel-Belted Radius Carrier license keys have been assigned by logging in to your Juniper Networks support account.

If you do not have a key, you can go ahead with the installation, but a 30-day trial license with a low maximum session limit is automatically installed.

Installing SBR Software

If all items on the "Before You Begin" list have been checked off, you are ready to install the SBR software. These are the key steps:

1. Unpack the Steel-Belted Radius Carrier Software.

See Unpacking the Steel-Belted Radius Carrier Software29.

If you are not familiar with UNIX package management commands, you can review a list of Package Management Commands29.

2. Check for running SNMP processes on the server and shut down any that are active.

See Shutting Down SNMP31.

3. Run the Steel-Belted Radius Carrier configure script. As the script runs, enter the information you recorded on the previous pages.

See Running the Steel-Belted Radius Carrier configure Script32.

Basic Configuration

After the Steel-Belted Radius Carrier software is on the Solaris server, you can ensure that the base software runs properly and then perform basic configuration steps:

1. Start the Steel-Belted Radius Carrier daemon.

If you usually do not start and stop the daemon from the command line, the basic commands follow, and you can review Steel-Belted Radius Carrier Server Commands:

• Start the RADIUS Server:
  /radiusdir/sbrd start
or restart: /radiusdir/sbrd restart
• Stop the RADIUS Server:
  /radiusdir/sbrd stop
• Display RADIUS Status Information:
  /radiusdir/sbrd status

2. Start SBR Administrator.

Use an HTML browser to address the Steel-Belted Radius Carrier server HTML server. The default page should let you download the Administrator client application and log in as root. You should also confirm that the links to the documentation work.

Verify that you can download and run the application both from the local host and from a workstation on the network.

3. Configuring the environment. This step includes basic, low-level configuration tasks, such as:

• Configuring communications between any additional devices and the Steel-Belted Radius Carrier server.
• Adding additional users to the server.

For additional information, see Configuring the Server.

4. SNMP configuration. If you elected to configure the Steel-Belted Radius Carrier SNMP agent during software installation and other agents also run on the server (such as the Solaris operating system agent), you will need to adjust the ports the agents use so multiple agents do not contend for the same resource.

See Configuring SNMP.

SIM Server 5.4 Migration Checklist

This checklist lists the recommended steps to migrate an existing SIM Server 5.4 installation to the Release 7.0 platform.

We recommend that the SIM Server 5.4 environment be duplicated so far as possible. For instance, if SIM Server 5.4 uses a specific LDAP server or Oracle database, those should be set up so that the new Release 7.0 installation can access them using the older server's configuration information.

Before You Begin

Before you begin to install the Steel-Belted Radius Carrier software, perform these preliminary tasks or verify that they have been accomplished:

1. Review the Steel-Belted Radius Carrier Release Notes for up-to-date information that became available after the Steel-Belted Radius Carrier guides were published.

Download the most recent Release Notes from:
http://www.juniper.net/techpubs/software/aaa_802/sbrc/sbrc70/bookpdfs/sw-sbrc-rn700.pdf

If the information in the Release Notes differs from the information in any Steel-Belted Radius Carrier guide, follow the Release Notes.

2. Create a copy of the SIM Server 5.4 SBR installation on the system that will host Release 7.0.

The recommended method is:

1. As root on the SIM Server 5.4, shut down the SBR daemon.
   Execute: /radiusdir/sbrd stop.
2. Create a gzip archive of the SIM Server 5.4 radiusdir directory, preserving the file structure.

Change directories to /opt/JNPRsbr/ and execute:
tar cfE - radius |gzip > 5_4radius.tgz

1. As root on the Release 7.0 host, create a working directory for the archive:

Execute:
mkdir -p /opt/JNPRsbr/5_4backup

and:

cd /opt/JNPRsbr/5_4backup

1. Use ftp to copy the archive file to the Release 7.0 host.
2. Ungzip the archive in the working directory. This will not create a working installation, just serve as a source of files that can be reused by the Release 7.0 server.

Execute:
gunzip -dc 5_4radius.tgz |tar xf -

1. Check the file permissions on the unzipped archive to ensure that the files are writable.

See Backing Up SIM Server 5.4 or 6.x Release Files for more information.

3. Ensure that the Release 7.0 server chassis is physically secure.

To review recommendations on the server's characteristics, see Selecting an Appropriate Server.

4. Confirm that the Release 7.0 server chassis provides at least the minimum hardware and software requirements.

See Meeting System Requirements.

5. Verify root access on the Release 7.0 server.
6. Verify that the Release 7.0 server meets basic network connectivity and DNS requirements:

• See Verifying Network Connectivity25
• See Verifying Host Name Resolution25

7. Verify that the Release 7.0 server role in the authentication environment is the same type that the SIM Server 5.4 server was in order to migrate files. The installation script can configure a Steel-Belted Radius Carrier server as:

• A stand-alone server.
• The primary server in a group made up of replication servers.
• A replication server.
  In an environment that uses replication servers, the primary server must be configured first to provide a base for replication.

LDAP

8. (Optional) If the Release 7.0 server will interact with a Lightweight Directory Access Protocol (LDAP) directory service agent, verify or record the path to the LDAP library files (The default path is /usr/lib.)
           

SQL

9. (Optional) If the Steel-Belted Radius Carrier server will use an external database:

• Verify database compatibility and interoperability.

See Setting Up External Database Connectivity.

ORACLE / SIM / WiMAX

• If the external database is Oracle, the Steel-Belted Radius Carrier server must be configured as a client of the Oracle server.

As you set up the client, collect this information, or if the client is already installed, record this information to use while installing SBR Carrier software:

• Record the path to the local Oracle Home directory (for example: /opt/10g/app/oracle/product/10.2.0.3)
• Record the path to the local Oracle shared library (for example: /opt/10g/app/oracle/product/10.2.0.3/lib32)
• Record the path to the local TNS_ADMIN (for example: /opt/10g/app/oracle/product/10.2.0.3/network/admin)
          

SS7

10. Install a compatible SS7 interface board.

See Installing Signalware and SS7 Interfaces for a list of supported boards, and refer to the documentation that comes with the board for installation instructions.

SIM / WiMAX / SS7

11. Install and configure Signalware 9 with Service Pack 5T software, following the product documentation.

• See Chapter 6, Installing Signalware 9, for an example of a Signalware 9 installation.
• See Chapter 7, Configuring SS7/IP Network Communication Files, for information on editing Signalware configuration files.

NOTE: The SIM Server 5.4 SBR files that reference Signalware and/or the SS7 card can be copied by the Steel-Belted Radius Carrier configuration script, but no third-party files are moved. Refer to the Ulticom documentation for information on whether and how a previous release's configuration files may be used by the Signalware 9 installation.

RSA

12. (Optional) If the Steel-Belted Radius Carrier server will interact with an RSA authorization server, the Steel-Belted Radius Carrier server must be set up as an RSA client. Follow the RSA product documentation for the procedure.

The Steel-Belted Radius Carrier server should receive a copy of several files from the RSA server. See Setting Up RSA Authorization Client24 for Steel-Belted Radius Carrier requirements and the list of required files.

13. Verify that Steel-Belted Radius Carrier license keys have been assigned by logging in to your Juniper Networks support account.

Licenses from earlier releases cannot be pulled forward. New Release 7.0 licenses are required.

If you do not have a key you can go ahead with the installation, but a 30-day trial license with a low maximum session limit is automatically installed.

Installing Steel-Belted Radius Carrier Software

If all items on the "Before You Begin" list have been checked off, you should be ready to install the SBR Carrier software on the Release 7.0 server. These are the key steps:

1. Unpack the Steel-Belted Radius Carrier Software.

See Unpacking the Steel-Belted Radius Carrier Software29.

If you are not familiar with UNIX package management commands, you can review a list of Package Management Commands29.

2. Check for running SNMP processes on the server and shut down any that are active.

See Shutting Down SNMP31.

3. Run the Steel-Belted Radius Carrier configure script. As the script runs, enter the information you recorded on the previous pages.

NOTE: When the configure script prompts: Please enter backup or radius directory from which to migrate., specify the path to the copy of the SIM Server 5.4 that you created earlier, in Create a copy of the SIM Server 5.4 SBR installation on the system that will host Release 7.0..

See Running the Steel-Belted Radius Carrier configure Script32.

Basic Configuration

After the Steel-Belted Radius Carrier software is installed on the Solaris server, ensure that the base software runs properly and then perform basic configuration steps:

1. Start the Steel-Belted Radius Carrier daemon.

If you usually do not start and stop the daemon from the command line, the basic commands are below, and you can review Steel-Belted Radius Carrier Server Commands:

• Start the RADIUS Server:
  /radiusdir/sbrd start
or restart: /radiusdir/sbrd restart
• Stop the RADIUS Server:
  /radiusdir/sbrd stop
• Display RADIUS Status Information:
  /radiusdir/sbrd status

2. Start SBR Administrator.

Use an HTML browser to address the Steel-Belted Radius Carrier server HTML server. The default page should let you download the Administrator client application and log in as root. You should also confirm that the links to the documentation work.

Verify that you can download and run the application both from the local host and from a workstation on the network.

3. Configuring the environment. This step includes basic, low-level configuration tasks, such as:

• Configuring communications between any additional devices and the Steel-Belted Radius Carrier server.
• Adding additional users to the server.

For additional information, see Configuring the Server.

SNMP

4. SNMP configuration. If you elected to configure the Steel-Belted Radius Carrier SNMP agent during software installation and other agents also run on the server (such as the Solaris operating system agent), you will need to adjust the ports the agents use so multiple agents do not contend for the same resource.

See Configuring SNMP.

5.4

5. A number of files can be manually migrated from a SIM Server 5.4, but the structure of the Release 7.0 files is different from previous releases because they carry configuration information on new features. Existing SIM Server 5.4 settings from each type of file listed here can be copied and pasted into the corresponding Release 7.0 files:

• XML configurations
• JRE Extensions
• JavaScript files
• Dictionaries
• Third-party plug-ins and other binaries

Any root certificates that are not tied to a specific server may be moved, manually, to the new server.

See Migrating Files from Earlier Releases.

Release 6.x Migration Checklist

This checklist lists the recommended steps to migrate an existing Release 6.0 or 6.1 SBR Solaris Server installation to the Release 7.0 platform.

We recommend that the 6.x environment be duplicated so far as possible. For instance, if 6.0 or 6.1 uses a specific LDAP server or Oracle database, those should be set up so that the new Release 7.0 installation can access them using the older server's configuration information.

Before You Begin

Before you begin to install the Steel-Belted Radius Carrier software, perform these preliminary tasks or verify that they have been accomplished:

1. Review the Steel-Belted Radius Carrier Release Notes for up-to-date information that became available after the Steel-Belted Radius Carrier guides were published.

Download the most recent Release Notes from:
http://www.juniper.net/techpubs/software/aaa_802/sbrc/sbrc70/bookpdfs/sw-sbrc-rn700.pdf

If the information in the Release Notes differs from the information in any Steel-Belted Radius Carrier guide, follow the Release Notes.

2. Create a copy of the 6.x SBR installation on the system that will host Release 7.0.

The recommended method is:

1. As root on the 6.x server, shut down the SBR daemon.
   Execute: /radiusdir/sbrd stop.
2. Create a gzip archive of the 6.x radiusdir directory, preserving the file structure.

Change directories to /opt/JNPRsbr/ and execute:
tar cfE - radius |gzip > 6_radius.tgz

1. As root on the Release 7.0 host, create a working directory for the archive:

Execute:
mkdir -p /opt/JNPRsbr/6_backup

and:

cd /opt/JNPRsbr/6_backup

1. Use ftp to copy the archive file to the Release 7.0 host.
2. Gunzip the archive in the working directory. This will not create a working installation, just serve as a source of files that can be reused by the Release 7.0 server.

Execute:
gunzip -dc 6_radius.tgz |tar xf -

1. Check the file permissions on the unzipped archive to ensure that the files are writable.

See Backing Up SIM Server 5.4 or 6.x Release Files for more information.

3. Ensure that the Release 7.0 server chassis is physically secure.

To review recommendations on the server's characteristics, see Selecting an Appropriate Server.

4. Confirm that the Release 7.0 server chassis provides at least the minimum hardware and software requirements.

See Meeting System Requirements.

5. Verify root access on the Release 7.0 server.
6. Verify that the Release 7.0 server meets basic network connectivity and DNS requirements:

• See Verifying Network Connectivity25
• See Verifying Host Name Resolution25

7. Verify the Release 7.0 server role in the authentication environment. The installation script can configure a Steel-Belted Radius Carrier server as:

• A stand-alone server.
• The primary server in a group made up of replication servers.
• A replication server.
  In an environment that uses replication servers, the primary server must be configured first to provide a base for replication.

LDAP

8. (Optional) If the Release 7.0 server will interact with a Lightweight Directory Access Protocol (LDAP) directory service agent, verify or record the path to the LDAP library files (The default path is /usr/lib.)
           

SQL

9. (Optional) If the Steel-Belted Radius Carrier server will use an external database:

• Verify database compatibility and interoperatability.

See Setting Up External Database Connectivity.

ORACLE

• If the external database is Oracle, the Steel-Belted Radius Carrier server must be configured as a client of the Oracle server.

As you set up the client, collect this information, or if the client is already installed, record this information to use while installing SBR Carrier software:

• Record the path to the local Oracle Home directory (for example: /opt/10g/app/oracle/product/10.2.0.3)
• Record the path to the local Oracle shared library (for example: /opt/10g/app/oracle/product/10.2.0.3/lib32)
• Record the path to the local TNS_ADMIN (for example: /opt/10g/app/oracle/product/10.2.0.3/network/admin)

SS7

10. (Optional) Install a compatible SS7 interface board.

See Installing Signalware and SS7 Interfaces for a list of supported boards, and the documentation that comes with the board for installation instructions.

SIM / WiMAX / SS7

11. (Optional) Install and configure Signalware 9 with Service Pack 5T software, following the product documentation.

• See Chapter 6, Installing Signalware 9, to see an example of a Signalware 9 installation.
• See Chapter 7, Configuring SS7/IP Network Communication Files, for information on editing Signalware configuration files.

NOTE: If the 6.x server installation used a version of Signalware released before Signalware 9, refer to the Ulticom documentation on whether and how a previous release's configuration files may be used by the Signalware 9 installation. 6.x files that reference Signalware can be copied by the Steel-Belted Radius Carrier installation procedure, but no third-party files are moved.

RSA

12. (Optional) If the Steel-Belted Radius Carrier server will interact with an RSA authorization server, the Steel-Belted Radius Carrier server must be set up as an RSA client. Follow the RSA product documentation for the procedure.

The Steel-Belted Radius Carrier server should receive a copy of several files from the RSA server. See Setting Up RSA Authorization Client24 for Steel-Belted Radius Carrier requirements and the list of required files.

13. Verify that Steel-Belted Radius Carrier license keys have been assigned by logging in to your Juniper Networks support account.

Licenses from earlier releases cannot be pulled forward. New Release 7.0 licenses are required.

If you do not have a key you can go ahead with the installation, but a 30-day trial license with a low maximum session limit is automatically installed.

See Obtaining a License Key.

Installing SBR Software

If all items on the "Before You Begin" list have been checked off, you should be ready to install the SBR software on the Release 7.0 server. These are the key steps:

1. Unpack the Steel-Belted Radius Carrier Software.

See Unpacking the Steel-Belted Radius Carrier Software29.

If you are not familiar with UNIX package management commands, you can review a list of Package Management Commands29.

SNMP

2. Check for running SNMP processes on the server and shut down any that are active.

See Shutting Down SNMP31.

3. Run the Steel-Belted Radius Carrier configure script. As the script runs, enter the information you recorded on the previous pages.

NOTE: When the configure script prompts: Please enter backup or radius directory from which to migrate., specify the path to the copy of the 6.x server that you created earlier, in Backing Up SIM Server 5.4 or 6.x Release Files.

See Running the Steel-Belted Radius Carrier configure Script32.

Basic Configuration

After the Steel-Belted Radius Carrier software is on the Solaris server, ensure that the base software runs properly and then perform basic configuration steps:

1. Start the Steel-Belted Radius Carrier daemon.

If you usually do not start and stop the daemon from the command line, the basic commands follow, and you can review Steel-Belted Radius Carrier Server Commands:

• Start the RADIUS Server:
  /radiusdir/sbrd start
or restart: /radiusdir/sbrd restart
• Stop the RADIUS Server:
  /radiusdir/sbrd stop
• Display RADIUS Status Information:
  /radiusdir/sbrd status

2. Start SBR Administrator.

Use an HTML browser to address the Steel-Belted Radius Carrier server HTML server. The default page should let you download the Administrator client application and log in as root. You should also confirm that the links to the documentation work.

Verify that you can download and run the application both from the local host and from a workstation on the network.

3. Configuring the environment. This step includes basic, low-level configuration tasks, such as:

• Configuring communications between any additional devices and the Steel-Belted Radius Carrier server.
• Adding additional users to the server.

For additional information, see Configuring the Server.

4. SNMP configuration. If you elected to configure the Steel-Belted Radius Carrier SNMP agent during software installation and other agents also run on the server (such as the Solaris operating system agent), you will need to adjust the ports the agents use so multiple agents do not contend for the same resource.

See Configuring SNMP.

6.0, 6.1

5. A number of files can be manually migrated from a SBR 6.x server to 7.0, but the structure of the files is different from previous releases because they carry configuration information on new features added in Release 7.0. Existing Release 6.x server settings from each type of file listed here can be copied and pasted into the corresponding Release 7.0 files:

• XML configurations
• JRE Extensions
• JavaScript files
• Dictionaries
• Third-party plug-ins and other binaries

Any root certificates that are not tied to a specific server may be moved, manually, to the new server.

See Migrating Files from Earlier Releases.