quick sandbox installation

---

To build a new IdentityIQ Sandbox, you should start with downloads.

• MySQL Community Installer - version 8.0 - mysql-installer-web-community-8.0.38.0.msi
• Apache Tomcat 9 - apache-tomcat-9.0.95-windows-x64.zip or latest version.  Use the 64-bit Windows Zip  file - the fourth in the list.  Do not use the Windows Service installer.
• Adopt OpenJDK version 17 JDK - OpenJDK17U-jdk_x64_windows_hotspot_17.0.10_7.msi or latest version
• SailPoint IdentityIQ version of your choice, also patch level files and latest security vulnerability fixes if desired.
• SailPoint Standard Services Build - latest version v7.0.2

The most basic java install follows this path.

• Double click the installer file.  Select to get to a page showing the various options.  This page is tricky so mind the details below.
• Select the first option which is to install the software, it will give you a default option to install to somewhere in c:\program files.  If you click that option, it will show a folder name box which you can edit the folder name.  I prefer to install a folder named C:\Java\jdk-17.0.10 - of course use the version you are installing.  I do this because I don't like spaces in folder names.
• Finally set JAVA_HOME to the java install folder and make sure the install bin folder is in your path.
• Also download Apache Ant and install it, then set ANT_HOME and make sure the ant bin folder is in your path.

The MySQL Community Edition installer will prompt for which modules to install.

• Choose Custom selection
• Add latest MySQL Server version
• Add latest MySQL Workbench version
• Optionally add latest MySQL Shell if you prefer to use shell.

Allow the install to complete.  Next it will start configuration.

• Choose default settings.
• Choose a root password.  WRITE IT DOWN and save in a password safe.  If lost your ability to reconfigure the database is lost.
• Allow the database configuration to complete.
• Open the MySQL Workbench to verify.

These recommendations are made from years of experience.  The basis for these recommendations comes from that experience.:

• Create a folder in your C: drive or even better, a data drive such as E:  It should be on your local hard drive and not on a virtual drive.  The name of that folder could be your version, such as c:\iiq83, or if you work on multiple clients, it could be your client name, such as c:\zsu
• For the examples below I will use c:\zsu for all examples.
• I recommend using Windows Terminal or Git CMD for commands, but CMD can also be used, or Git bash.  Commands below are for a Windows CMD CLI.
• Navigate to your folder and create a data folder, an ssb folder, and a logs folder.
• Using File Manager window, right click on the apache tomcat zip file and Extract to: your newly created folder.  It should create a folder C:\zsu\apache-tomcat-9.0.95 which is where your tomcat is now installed.
• Immediately open the C:\zsu\apache-tomcat-9.0.95\conf\server.xml file and change the shutdown port from 8005 to 8006.  Save the file.

Again these recommendations are from years of experience.

• Navigate to the tomcat webapps folder. For our example it would be the folder named c:\zsu\apache-tomcat-9.0.95\webapps
• While the current folder is the webapps folder, create a new folder identityiq in that folder with a command such as mkdir identityiq
• In this example I will use a specific folder as staging, which will be c:\zsu\staging
• Download the identityiq-8.x.zip file to your staging folder.
• Unzip the zip file to the identityiq-8.x folder.  x being the base version you are installing.
• Next navigate into that folder using a command such as cd identityiq and execute the following command, using your staging folder name: jar cvf c:\zsu\staging\identityiq-8.x\identityiq.war
• The contents of the war file should unzip into the identityiq folder and you should see the WEB-INF folder in that.

The software is now installed.

The next step is to create the database schema and load the initial data.

• Navigate to the WEB-INF\database folder with your File Explorer and open the create_identityiq_tables-8.x.mysql file using your favorite editor.  For production deployments you will likely use .oracle or .sqlserver versions of the file, since MySQL is not suitable for production environments.  Save that file in the C:\zsu\data folder but change the file extension to .sql
• If you already have a set of identityiq schemas in your database, you can use a simple find and replace with your editor, changing every occurrence of identityiq to something you prefer, such as iiqzsu.  In this instance, after performing the change, go back and change every occurrence of (example) BY 'iiqzsu  (include the beginning single quote) back to BY 'identityiq
• The reason for changing the passwords back into identityiq is so that the encrypted passwords can remain in the iiq.properties file.  Save the file.
• Open the file from the data folder in MySQL Workbench, select the entire file and click the left lightning bolt.  It should execute without errors.

The next step is to load the data.

• If you are using the identityiq schema name, having not modified the database creation script, then the WEB-INF/classes/iiq.properties file does not need edited.
• If you did change the schema name, you will need to change that in the iiq.properties in 4 places, in the dataSource.username, dataSource.url, pluginsDataSource.username, and pluginsDataSource.url parameters, changing identityiq to the value chosen for the schema name.
• Once the iiq.properties file is edited, it is a good practice to copy it to the ssb folder you created above.
• In the CMD window you have been using, navigate to the WEB-INF\bin folder and enter:

                        .\iiq console

                  >   import init.xml

                  >   import init-lcm.xml

                  >   quit

The data are now loaded.

Since ever version has a patch, it is good to install the latest patch.

• Download the patch jar file and save it to the staging folder you created.
• Navigate to the webapps\identityiq folder in the CMD window
• Enter the following command: jar xvf <patch file>
• In File Explorer, navigate to the WEB-INF/database folder and find the upgrade_identityiq_tables-8.xpN.mysql in your favorite text file editor.
• Save it to your data folder with the file extension of .sql
• Perform the same text search/replace as you did on the create file and save.
• Load the file in MySQL Workbench and execute the script.
• Go back to the CMD window, navigate to the WEB-INF/bin folder and enter:

                    .\iiq patch 8xpN

• Where of course x and N are the version and patch level, respectively.

It is not only possible but preferred to run a sandbox from the command line.

• Navigate to the apache-tomcat-9.0.95\bin folder
• Create a new file  in your text editor
• Enter the following on a single line:

set CATALINA_OPTS=-Xms1024m -Xmx2048m -Dsailpoint.debugPages=true 

--add-exports=java.naming/com.sun.jndi.ldap=ALL-UNNAMED

• Save to the apache-tomcat-9.0.95/bin folder with the name setenv.bat
• Now you can start Tomcat from this folder with:

                     .\startup.bat

• You can stop Tomcat with:

                    .\shutdown.bat

You can set your sandbox to run on startup. 

• Navigate to the apache-tomcat-9.0.95\bin folder and type:

                     .\service install

• Next open the services application and edit the IdentityIQ service:
• Set the memory values (see above)
• Add the -Dsailpoint.debugPages=true to the normal parameters
• Add the add-exports to the Java 9 parameters
• Set the service for automatic delayed start.

It is important to have a backup of the system as built before any customization.

• Download and install the MC Object Exporter plugin
• Create a new Task called MC Export Base
• Set the Base folder to a folder called (using our example) C:\zsu\base\config
• Set the object type to default
• Set the name to $NewDefault$
• Execute

It is important to have a solid set of merge files for merge file processing.

• Navigate to the top level folder (our example: C:\zsu)
• Create a new folder called merge
• Inside merge folder create a folder called config
• Copy the AuditConfig, Configuration, UIConfig folders from the base/config folder to the merge/config folder.
• Now you can create merge exports by referencing this merge/config folder.