Afaria Setup 10.1 – Install Afaria 7 – Download installation package and install license

The steps to install SAP Afaria 7 are:

  1. Download installation package and install license
  2. SAP Afaria Server
  3. SAP Afaria API Service and Administrator
  4. Afaria Admin
  5. Self Service Portal
  6. Enrollment Server
  7. Package Server
  8. SCEP Plugin-in module

This document is about step 1.

Download installation package

You can download the SAP Afaria installer from SAP Market Place. In the download section, it can be found under Sybase Products:

The installer available there is for SAP Afaria 7.0, made available on 5. 11. 2012.

Some newer version of Afaria (7.0 PL5) can be installed directly using the patch file, other versions need to have above version (7.0,PL0) installed. I am going to use the official installation package for showing the installation procedure.

Install license

Download the installer, unpack it on Windows Server 2008 R2. Open the Afaria folder and run setup.exe

The SAP Afaria installation setup start screen is shown.

License key

Enter license key

Click Apply and you will return to the start screen. In case the license is valid, you can now start the installation.

Afaria Setup 9: Configuration – SQL Server

Afaria needs a database server to save its data into a database. This data was installed in the previous step. Now the SQL Server Express data needs to be prepared for SAP Afaria installation.

Preparation

Afaria will need a user to log on to SQL Server Express. As Windows is already hosting an Active Directory, an SAP Afaria user can be created to be used to log on to SQL Server. The same user will be used later by Afaria as the Afaria service user. The user is created in the AD using the Active Directory tool.

Create user

  • First name: afauser
  • Last name: n/a
  • Full name: afauser
  • User logon name: afauser@tobias.de

Confirm the user data.

Add user to groups

After the user afauser is created, the user must be prepared for Afaria tasks. This is done by adding him to the right user groups. By default, the user is already part of the domain users. It must be added to domain admins too.

Select group: Domain Admins.

Create Afaria DB

Start SQL Server Management Studio

Open the context menu of the database node of the server and select New Database.

Enter a name for the database (AfariaDb) and give as initial log size 25 MB. The rest of the configuration parameters can be left as is.

Select the Security folder and Login. Open the context menu and select New Login.

Chose as login name the afauser created in section preparation. Set as default database AfariaDb.

  • Login name: afauser@tobias.de
  • Windows authentication: yes
  • Default DB: AfariaDB
  • Default language: <default>

Add db_executor role

Select AfariaDb under SQL Server and Databases. Select New Query.

In the query editor, enter: CREATE ROLE db_executor

Select Execute

The runs the SQL query on the AfariaDb. In the ouput message window the status of the query can be seen.

Next, run the query: GRANT EXECUTE TO db_executor

Select Execute

These 2 queries created a new role and granted the db_executor permission to it.

Assign roles

Next step is to assign to afauser the needed roles. Select Security -> Users under AfariaDb and click on New User.

Select afauser and give the following Database role memberships:

  • db_dataread
  • db_datawriter
  • db_ddladmin
  • db_executor

This concludes preparing Windows 2008 R2 Enterprise for Afaria. The next steps are now installing Afaria server.

Afaria Setup: Install roles – Active Directory

Afaria does not necessarily need Active Directory. In fact it works nicely with LDAP or integrated Windows authorization too. As Afaria will be installed on a Windows server and AD is available out of the box, it makes sense to enable AD. Creating later new users for device enrollment is easy as they only have to be added to AD.

To add AD, the corresponding role must be added in the server configuration.

Click on Add roles.

Select Active Directory Domain Services.

AD needs the .NET framework. Therefore, the wizard will present a pop up asking to add this feature too. To do so, select Add Required Features.

After Windows installed AD, it needs to be configured. This is done via dcpromo. The installation wizard offers the option to run this tool directly after the installation finished. If the blue link wasn’t clicked, or promoting the server to a AD server should be done later, this tool can be run from command line at any time.

Open a shell (cmd.exe) and start dcpromo.

The Windows Server 2008 R2 is not part of any other domain. A new domain in a new forest must be created. Here I give as name of the domain tobias.de. Of course any other valid domain name can be chosen, like afariatest.corp.

This finishes the installation and initial configuration of AD. After restart, the Windows Server is an AD domain controller.

Afaria Setup – Windows preparations

The specific server requirements for Afaria can be taken from SAP PAM.

For the scenario of this document I assume that you simply want to try out things with Afaria, like getting a understanding of how things work, how to get a device managed by Afaria. To be able to install Afaria, you need a Windows Server 2008 R2 with SP1. To be able to enroll devices, a Certificate Authority that supports NDE is needed. While you can find Windows Ser2008 R2 on Amazon EC, these are not Enterprise Editions. And you need a EE for installing a CA that supports NDE. This feature is included in Server 2012 R2, but Afaria does not run on Windows Server 2012 R2.

To start with Afaria, you need to have a Windows Server 2008 R2 SP1 installation available. An alternative to buying one is to use the trial version. Microsoft offers a trial that is valid for 180 days. http://www.microsoft.com/en-us/download/details.aspx?id=2227. After all, the objective is to try things out with Afaria. The trial offered by Microsoft is delivered as a VHD image, so you’ll need Hyper-V (or transform it to a VMDK image).

After starting the image for the first time, Windows will configure itself.

After finishing the initial configuration, a password for the user Administrator must be given.

You do not have to change the password after the first logon, so you can already chose the one you want to work with.

In case you run your Windows 2008 R2 server in VMWare, it is a good idea to install the VM Ware tools.

Install VMWare tools

To install the VMWare tools, proceed as instructed by VMWare. Go to Manage and select Install VMWare Tools option.

This inserts a virtual CD that contains the VM Ware tools files. Open the Windows Explorer, navigate to the CD drive. Start the installation by running the file setup64.exe.

This will run the VMWare tools installer and install the tools.

To finish the installation, restart the computer.

Update system

The image provided by Microsoft is from 2009, meaning it comes with the same patch level it was built with in 2009. This also means that this Windows version does not meet the minimum requirements of Afaria: SP1 for Windows Server 2008. To get the SP1 you either download the complete SP1 stack from Microsoft or you download and install it through Windows update. The Windows update process brings the image to a current and patched version. Therefore this is the process you should follow.

Start Windows update and turn on automatic updates.

To be able to use Windows 2008 R2 with Windows update, you first must update Windows update.

Afterwards, Windows update will start searching for missing updates. This will show already 127 missing updates. Be prepared, this is only the start of a lengthy update process.

This will take a while to finish. During this first update run IE 9 will be installed. Afterwards, restart the computer. Windows will configure and install the updates.

Log on to Windows. Install more Window updates.

Restart Windows. Log on again and install more updates.

Check for updates

Important: Afaria needs Windows 2008 Server with SP1. Make sure SP1 is part of the updates to be installed list.

Download updates including SP1 for Windows 2008.

SP1 is getting installed and configured.

Let Windows reboot and log on again.

SP1 for Windows 2008 R2 Server is installed. The minimum requirement of Afaria regarding Windows are now met.

Best is to check again for new updates and install them. Go to Windows update and check for new updates.

Update Windows Update (yes, this is as funny as it sounds).

 

Good thing is that this will get you IE11.

After restarting Windows, continue installing patches

Restart Windows to finish installing the patches. Finally, Windows is up to date

Backup

In case you use a VM: take a snapshot or take a backup.