Rally Installation Guide - Rally Help - Rally Software

Rally On-Premise Guide

Rally Installation Guide Rally On-Premise Release 2013.1

E-mail: [email protected] http://www.rallydev.com

Version 1

© 2013 Rally Software Development Corp.


Table of Contents

Overview ......................................................................................................................................3 Server Requirements .................................................................................................................. 3 Browser Requirements……………………………………………………………………………………………………………………………………………….4 Rally Installation Instructions .............................................................................................................6 Rally Control Pane l ........................................................................................................................ 12 Change Your Password ................................................................................................................... 13 Back Up/Restore ........................................................................................................................... 14 Back Up .................................................................................................................................14 Restore ..................................................................................................................................16 Schedule ................................................................................................................................17 Rally Services .............................................................................................................................. 18 Rally Service(RallyApplication)....................................................................................................18 Search Service .........................................................................................................................19 Restart Serve r.............................................................................................................................. 20 Licensing .................................................................................................................................... 21 Subscription List ........................................................................................................................... 22 Log Files ..................................................................................................................................... 23 Server Settings ............................................................................................................................ 24 Network Settings ......................................................................................................................24 Mail Serve r Settings ..................................................................................................................26 Web Serve r Se ttings..................................................................................................................28 Network Time Settings ...............................................................................................................29 LDAP Settings ..........................................................................................................................30 SSL Certificate .........................................................................................................................34 Java Keystore ..........................................................................................................................38 Serve r Diagnostics ........................................................................................................................ 39 Current Serve r Status ................................................................................................................39 Search Service Status ................................................................................................................40 Network Settings ......................................................................................................................41 Ping ......................................................................................................................................42 TCP /IP ...................................................................................................................................43 Email Test...............................................................................................................................44 Upgrade Rally .............................................................................................................................. 45 Email all Rally Users ...................................................................................................................... 47 Rally Login Banner ........................................................................................................................ 48 Troubleshooting Tips...................................................................................................................... 50 Enabling the Rally On -P remise LDAP Module ........................................................................................ 52 Introduction ............................................................................................................................52 Setup Rally .............................................................................................................................52 Setup your LDAP Environment......................................................................................................56 Enabling LDAP on Rally On-P remise ...............................................................................................58 Running the LDAP Sync ..............................................................................................................60 Backup and Restore of LDAP Se ttings.............................................................................................61 Rally Idea Manage r & Rally Support Manage r Integra tion......................................................................... 62 Rally On-Premise Blog.................................................................................................................... 63 Contacting Technical Support........................................................................................................... 63 Rally On-P remise LDAP Module Worksheet ........................................................................................... 64


Rally® Installation Guide For On-Premise Deployment Overview Rally’s popular subscription software for Agile Software Lifecycle Management may be deployed, as an option, on your own company premises. In this case, Rally is installed on your own server within your company’s IT infrastructure. Rally uses VMware® software to create a self-contained environment that includes its own virtual hardware, operating system, application servers, application software, and database management system. Once installed, Rally is accessible via your local intranet or Virtual Private Network.

Server Requirements On-Premise base requirements: • • •

VMWare platform with 64-bit support. This includes ESX 3.5.x and ESX 4.0 (vSphere). 64-bit capable processors with hardware virtualization (Intel® VT-d, AMD AMD-V) Complete checklist for 64-bit guest support: http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=display KC&externalId=1003945

•

• •

At least 6.0 GB of RAM for Rally’s use (or at least 6 GB RAM for a server dedicated to Rally). Rally Software recommends 8 to 12 GB of RAM for improved performance for subscriptions that may serve a higher volume of requests. 150 GB of disk space for Rally’s VMware image A DVD-ROM drive or network access to a server with a DVD-ROM drive (If you received the VMware image on a DVD disk).


Browser Requirements We at Rally are committed to making our software easily accessible. You can access the Rally Application or Control Panel wherever you have a connection to your On-Premise server via a PC, Linux, or Macintosh computer. Nevertheless, it is not possible or practical for us to support every operating system and browser combination that is available. To take advantage of the newest Rally features, we recommend that you use one of the following fully supported browsers: • • • •

Firefox Chrome Safari Internet Explorer*

We support the two latest versions of each of these browsers. We do not recommend using development, test, or beta versions of these web browsers. Versions that are not publicly released may not work properly with the Rally application. In particular we strongly suggest using Chrome. Regardless of the browser you choose, you must enable cookies and JavaScript. * Internet Explorer - Currently, we support Internet Explorer 9 and Internet Explorer 8. We no longer support Internet Explorer 6 and will not support Internet Explorer 7 as of January 1, 2013.

2


Rally On-Premise Guide The Rally software installation file contains a Virtual Machine image that includes all the necessary components to run the Rally application.


3


Rally Installation Instructions These instructions will guide you through the process of installing the Rally Virtual Machine and the Rally On-Premise application: 1. Ensure that VMware Server software is properly installed on your machine. You may download the free version of the VMware ESX server here: https://www.vmware.com/products/esxi/ 2. Extract the Rally software to a location that can be accessed via the VMware Client Console. a. Place the Rally software DVD in the DVD-ROM drive. b. Copy the Rally On-Premise [Version].zip from the DVD to a directory on your server. c. Unzip the Rally On-Premise [Version].zip. 3. Deploy the Rally Virtual Machine. a. Deploy the Rally On-Premise VMware image to your ESX server by clicking on File -> ‘Deploy OVF template…’ in your VMware Client Console

4


Rally On-Premise Guide b. Select Rally_On-Premise_[Version].ovf from the unzipped file.

c. You may update the name of the Rally On-Premise Server on your VMware Server to reflect your corporate naming conventions.

d. Select your Datastore and the Network Mapping then Deploy the Rally Virtual Machine e. Once deployed to your VMware server you may check the settings on the Rally Virtual Machine and make modifications if necessary. f. Power on the Rally Virtual Machine.


5

Rally On-Premise Guide 4. Configure your Network Information. Upon first boot, various steps will be needed to configure the system. For the following instructions, work from the VMware Client console. a. You will be prompted with the screen below

b. Select ‘Edit Devices’

c. Select eth0 (eth0) to edit

6


Rally On-Premise Guide d. Enter a static IP address or leave as DHCP. If you assign a static IP address, the Name and Device field should be configured as eth0. (This does not refer to the VM machine hostname). If you use DHCP and have a DHCP-enabled DNS server, the virtual image will register itself as rallyonprem in DNS. e. Click OK and you will be returned to the Network Interface screen.

f.

If you would like to Configure Domain Name Service for your domains you can select to Edit the DNS configuration.

g. *IMPORTANT: *DO NOT* change the internal Hostname. Changing this will prevent the Rally Application from starting (the Hostname shows up as “rallyonprem-oraclese.f4tech.com”. You may only be able to see “ese.f4tech.com” on the screen). Configure Domain Name Service (DNS) on your primary and secondary Domain Name Servers if you wish to use domain name references (rather than static IP addresses) to use Rally. Follow your company guidelines to configure DNS to access the Rally Control Panel and the Rally software application (if you don’t do it here, you may configure the DNS servers via the Rally control panel at a later time) © 2013 Rally Software Development Corp.

7

Rally On-Premise Guide Wait about 5 minutes for the server to complete the booting process Once the booting process is completed you will be presented with the URL information to login to the Rally On-Premise Control Panel and the Rally ALM application.

8


Rally On-Premise Guide 5. Launch the Rally Control Panel from your Internet browser. a. By default, Rally expects a secure http connection to the console. (To change this, see the Web Server Settings section of this document.) If you configured a static IP address in Step 4, go to the URL: https:///controlpanel/ Otherwise go to the domain that you have configured for Rally: https:///controlpanel/ b. The first time you access Rally using https, you may receive an invalid SSL certificate message from your browser. The Rally On-Premise solution is shipped with a self-signed SSL certificate. To update this certificate to your own, please see the SSL Certificate section of this document.


9


Rally Control Panel Use the Rally Control Panel to manage these administrative tasks: • • • • • • • • • •

10

Change your password Backup and restore Rally data Restart the Rally application Restart the server Activate licensing for your subscription View subscription details Export log files Administer server settings View Server information and diagnostic tools Upgrade Rally application software



Change Your Password It is advised that on a regular basis you change your password for access to the Control Panel. To change your password: 1. Click the Change Your Password link that is located at the top right portion of the Control Panel screen.

2. Type your new password into the New Password field. 3. Retype your new password into the Retype Password field. 4. Save your changes by clicking Reset Your Password.


11


Back Up/Restore The Back Up/Restore features help you to manage snapshots of your Rally data. Three options are available: Back Up, Restore and Schedule. To access these features, click Back Up/Restore on the Feature Menu.

Back Up The Back Up feature enables you to back up a snapshot of your Rally data to an alternate location. By default, the Back Up tab is activated when you click the Back Up/Restore feature.

12


Rally On-Premise Guide To back up your Rally application data: 1. Click Back Up/Restore on the Feature Menu. 2. Enter the User Name for the account on your FTP or SFTP server where you will save your data. 3. Enter the associated Password. 4. Enter the URL for the directory or folder where you will save your backup data. e.g., sftp://www.backupserver.com/backupdirectory/ (Rally suggests you create a directory or folder to hold only Rally Backup files.) Rally automatically creates the file name for your backup data and stores the file in the directory that you indicate in the path. e.g.: 2011.10.22-2-2011-10-28-11-21-54.tgz 5. Click Send. Upon completion, you will see the message: Your Backup completed successfully.


13


Restore You may restore any Rally backup file from your storage location to your Rally application.

To restore your Rally application data: 1. Click Back Up/Restore on the Feature Menu. 2. Click the Restore tab. 3. Select the FTP or SFTP option to indicate the File Transfer Protocol of your choice. 4. Enter the User Name for the account on your FTP or SFTP server from where you will retrieve your data. 5. Enter the associated Password. 6. To restore data from a server located in your private network, enter the Host server name and click Browse FTP. The FTP Browse window is populated with available directories/folders/files. (FTP Browse is not available when using SFTP.) 7. Locate and click the file name to restore. The remaining fields (Remote URL and Remote File) are automatically populated with the related information based on your selection. 8. Click Send. 9. Upon completion of the Restore, the resulting log will display the following message: Your Restore completed successfully. 14



Schedule You can schedule your Backup to run automatically at a time you specify, localized to your office, Rally Server Instance, location.

To schedule a backup of your Rally application data: 1. Click Back Up/Restore on the Feature Menu. 2. Click the Schedule tab. 3. Select from the “Timezone” dropdown list to select a location closest to your office, Rally Server Instance, location 4. Select the Daily or Weekly Backup frequency option in the How Often section. Continue to configure your schedule by selecting values from the related drop down lists to set the time and the day of the Backup. 5. Enter the Username for your FTP or SFTP server. 6. Enter the Password for your FTP or SFTP server. 7. Enter the URL path to the storage folder that you choose. (Note the example format).


15

Rally On-Premise Guide 8. Click Send. A confirmation message returns informing you of the successful schedule. For example: Daily backup has been scheduled for hour 12 AM on host:ftp://atlantis 9. Click the Schedule tab again. The Backup Status dialog box on the right of the display now lists the scheduled backup. 10. Click the Delete this Scheduled Backup link at any time to delete the scheduled backup.

16



Rally Services Restart or Stop the Rally Application Service and manage the Search Service for your OnPremise installation using the Rally Services link on the Feature Menu.

Rally Service (Rally Application) Rally suggests all application users be logged out during a restart of the Rally Application Service to avoid any conflicts.

To restart the Rally Application: 1. Click Rally Services on the Feature Menu. 2. Click the Restart button. Your Rally Application is restarted and a brief log of actions is displayed in the dialog box. 3. Before logging in again, please wait 5 minutes to allow enough time for the Rally Application to restart all processes. To Stop the Rally Application: 1. Click Rally Services on the Feature Menu. 2. Click the Stop button. The Rally Application is shutdown and a brief log of actions is displayed in the dialog box. 3. Once the Rally Application is stopped it can be restarted by clicking on the Restart button. © 2013 Rally Software Development Corp.

17


Search Service The Search Service tab allows for disabling/enabling the Search Service in Rally. By default the Search Service is enabled in Rally and searches in Rally are performed using the search service. To disable the Search Service, click on the “Disable” button. The search feature in Rally will be reverted to the default search process and the Search Service process will be shutdown.

The Search Service provides a process that is scheduled to run once per week to optimize the Search Service index. This process will remove outdated files to keep the index size as small as possible. However, should you need to run the Search Index Optimization; you may do so by clicking on the “Search Index Optimization” button. If an issue arises with the “Search Service Index”, the existing Index can be deleted and recreated by clicking on the “Create Search Index” button. In general the Search Service should not need further management or intervention.

18



Restart Server The Restart Server feature provides the ability to restart the virtual server and the guest operating system where the Rally Application is installed. Rally suggests all application users be logged out during a restart to avoid any conflicts.

To restart the Rally virtual server: 1. Click Restart Server on the Feature Menu. 2. A confirmation message is displayed. Click OK to continue with the server restart. 3. Your Rally Virtual Machine is restarted and the restart status will be visible via the VMware Console for the Rally Virtual Machine. 4. Wait 5 minutes and log into the server.


19


Licensing After successful installation of the Rally application, import your license file into Rally to activate you subscription and make it accessible to Rally Users. The .asc file is sent to you in an email from Rally. It is recommended you save this file to a secure location on your local system.

To import your.asc file: 1. Click Licensing on the Feature Menu. 2. Add your license key by browsing to your .asc file. Select the file and click Open. The path to your file is stored in the Browse … box. 3. Click Upload to import your license file. 4. After successful import, a confirmation message is displayed: License successfully imported. 5. Restart the Rally Application to apply the license to your installation. 6. Subscription details contained within your license file are available from Subscription List on the Feature Menu.

20



Subscription List The Subscription List provides the details about your Rally Subscription that are contained within your license file. Use this option to help manage your users and determine any modules that are appended to your installation.

To review your Subscription details: 1. Click Subscription List on the Feature Menu. 2. The resulting display contains details of your Rally subscription. •

• • • • •

Subscription_Id – Each subscription contains a minimum of two lines. The first line reflects the Administrators account automatically created by Rally. The second line reflects details regarding the Users/Licenses purchased from Rally. Each account is given an internal Rally ID which is reported in this column. Max_Users – This column displays the number of User licenses purchased from Rally. Expiration – The date of expiration of your Rally Licenses. Name – The name of your Rally Subscription. State – This column displays the status of your subscription such as Active or Inactive. Is_ XXX_Enabled – This column displays a binary value that indicates whether or not your subscription is enabled for any specific Rally add-ons such as Web Services, Defect Management and Quality Manager.


21


Log Files Rally captures a log of server events in text files. These files may be used for diagnostic purposes in attempting to troubleshoot problems that may occur with your Rally installation. Log files are compressed into a single .zip file.

To access your Log files: 1. Click Log Files on the Feature Menu. 2. A new window opens and presents a File Download dialog box. Select the .zip file. 3. You may review your log files at any time by clicking Open. 4. Click Save to save your .zip file to a location that can be accessed outside of the Rally Control Panel. 5. If necessary, email the .zip file to Rally Technical Support for assistance with diagnosis and troubleshooting.

22



Server Settings Use Server Settings from the Feature Menu to configure DNS, Mail and Web Server information. This information is used with Rally for access of Backup/Restore files and email notifications within the application. Rally suggests configuring DNS settings prior to enabling Mail Server and Backup/Restore settings from the Feature Menu. You may also configure Network Time Protocol (NTP) synchronization servers using the Server Settings option.

Network Settings You can configure your own DNS settings for your installation using the Network Settings tab.

To enter your DNS Settings: 1. Click Server Settings on the Feature Menu. 2. Enter the Domain name of your Server in the Search Domain field. 3. Enter the Primary DNS Server Address in the DNS Server 1 field. 4. Enter the Secondary DNS Server Address, if applicable, in the DNS Server 2 field. © 2013 Rally Software Development Corp.

23

Rally On-Premise Guide 5. Click Update to save your settings. 6. Verify that the correct data is reflected in the Current DNS Settings section in the lower left portion of the page. Reset Network Configuration Clicking on the “Reset the Network Interface” link will reset the Rally Virtual Machine so that the Network Configuration Interface prompt will be shown at the next reboot of the Virtual Machine and Guest Operating System to allow for changing the IP address of the Rally Application or setting up DHCP.

24



Mail Server Settings Mail Server settings are configured as part of the Server Settings feature. To use the email-dependent features of Rally, you must configure the address information for your Mail Server in the Mail Server Hostname section of the Mail Settings tab. If you have a policy that denies relaying of email, then enter your desired domain information in the Outgoing Email Domain area of the Mail Settings tab.

To enter Mail Server settings: 1. Click Server Settings on the Feature Menu. 2. Enter your mail server host address in the Mail Host Address field. 3. Click Update to save your mail server host address. 4. After a successful update, your Mail Host Address is listed at the bottom of the page in the Current Host field. 5. You can delete your Current Host at any time by clicking the last line on the page: Click Here to delete this Host. The message Host Deleted appears in the Current © 2013 Rally Software Development Corp.

25

Rally On-Premise Guide Host field. 6. To avoid Relaying Denied errors, masquerade your domain name by entering your email domain name in the Email Domain field. 7. Click Update to save your email domain name. 8. After a successful update, your Email Domain Name is listed at the bottom of the page in the Current Domain field. 9. You can delete your Current Domain at any time by clicking the last line on the page: Click Here to delete this Domain. The message Domain Deleted appears in the Current Domain field.

26



Web Server Settings Rally uses secure HTTP to access your software after a typical installation. Although not recommended, it is possible to override this setting and configure your installation of Rally to use a non-secure HTTP format using the Web Server Settings tab.

To enable Non-Secure HTTP Access for your Web Server: 1. Click Server Settings on the Feature Menu. 2. Click the Enable option. 3. Click Update to save your changes. 4. A confirmation message stating Your Changes have been Saved is displayed in a pop up window. Click OK to exit the window.


27


Network Time Settings The Network Time Protocol (NTP) is a commonly used protocol for synchronizing computer system clocks over data networks. NTP servers provide the synchronization point of reference.

To enter Network Time Settings: 1. Click Server Settings on the Feature Menu. 2. Click the Network Time Settings tab. 3. Enter your primary NTP server hostname or IP address in the NTP Server 1 field. 4. Enter your secondary (backup) NTP server hostname or IP address in the NTP Server 2 field. 5. Click Update to save your NTP Server settings. 6. After a successful update, your NTP Server Settings are listed at the bottom of the page under the Current Time Servers heading. 7.

28

You may delete your NTP Server Settings at any time by clicking the last line on the page: Click here to clear NTP servers. © 2013 Rally Software Development Corp.


LDAP Settings If you have the Rally LDAP Module enabled on your Rally Subscription this page provides the setup interface to enter information specific to your Rally Subscription and LDAP environment. For full information about setting up the Rally On-Premise LDAP Module, please see the “Enabling the Rally On-Premise LDAP Module” section at the end of this guide.

Description of each user-input field: LDAP Hostname: Requires the fully qualified Host name of the LDAP server. Port: The port number the LDAP server is listening on, typically “389”. Enable LDAP over SSL: Checking this box will allow your Rally application to connect to the LDAP server using SSL. The Port number may need to be updated as well if using SSL. For © 2013 Rally Software Development Corp.

29

Rally On-Premise Guide further information about importing a certificate to the Rally On-Premise server to be able to use LDAP over SSL, please see the “Java Keystore” section of this document. Select LDAP Vendor: This dropdown box allows you to select the vendor of your LDAP server. The available options are Active Directory, Oracle Internet Directory (10g or 11g), and Oracle Directory Server 11g. Bind Username DN: The Bind Username field is used for authenticating to the LDAP server; this field needs the fully qualified name. Example: CN=LdapReadonly,CN=Users,DC=rallydev,DC=com Bind DN Password: Password for the bind user LDAP Tree Base DN: This field is the Top Level Tree node of the LDAP Directory where your users/groups are located. Example: CN=Users,DC=rallydev,DC=com User Name Attribute: The username attribute is the attribute that lives on the LDAP server, which should be a globally unique identifier within the directory. Once users are populated they will use the value of this attribute as their login name. Example: sAMAccountname LDAP Group Management Note: Group Management is not required if you choose authentication with username and password only. Require membership in an LDAP group: This checkbox is selected by default. Unchecking the box confirms that users will be logged in via authentication only. If you disable the group membership option, the LDAP user syncing service will no longer be available. Users authenticating with Rally will no longer be required to have membership in a specific LDAP group. Group Name: The group on your LDAP server which contains the users you would like to allow access to Rally. Example: CN=RallyGroup,CN=Users,DC=rallydev,DC=com Group Attribute: The Group Attribute for your LDAP Server. Generally, memberOf is used with Active Directory and isMemberOf, member, or uniqueMember is used with Oracle products. You will need to check with your LDAP Administrator to determine which one is in use in your environment. LDAP Synchronization Note: LDAP synchronization requires LDAP Group Management.

Enable LDAP Synchronization Service: Enabling this feature will schedule a sync of any newly added users from the LDAP Rally Group to the Rally Application. This sync is scheduled to occur every 15 minutes.

30


Rally On-Premise Guide Run LDAP Synchronization Immediately after “Save Settings”: Checking this box will force a sync to run right after saving your LDAP settings. Rally Username: The Rally Subscription Administrator or Workspace Administrator account that will be used to create new users in the Rally subscription. Rally User Password: Password for the Rally Subscription Administrator or Workspace Administrator. Save Settings & Restart Rally: Saves the Rally On-Premise LDAP Module settings and the Rally Application is restarted automatically to enable LDAP Authentication within Rally. Test Connection: Once the LDAP Hostname, Port, Vendor, Bind Username DN, Bind DN Password, and Group Name have been entered, you may use the ’Test Connection’ button to test the LDAP connection from the Rally Server. The test will first try to bind to the LDAP Server then attempt to search for the Group Name on the LDAP Server. Disable LDAP & Restart Rally: Deletes the LDAP Authentication settings on the Rally Server and the Rally Application is restarted to disable LDAP Authentication and enable the Rally Application Authentication.


31

Rally On-Premise Guide Rally LDAP User Report Once the Rally On-Premise Module is set up and enabled, the LDAP User Report is available to show the current provision status of users in your Rally Subscription and the LDAP directory.

Running the report will provide a text file with a listing of Users and if they are provisioned in Rally, LDAP or both. The file also provides instructions on reconciling the Users between the Rally Subscription and LDAP.

32



SSL Certificate Your Secure Sockets Layer (SSL) certificate enables encryption of sensitive information that is transmitted between the browser and the server during online transactions. Your SSL certificate is also used to identify you as the registered owner of the domain that is referenced in the transaction.

You will need the certificate file, key file and if a chained SSL certificate is used, the SSL Certificate Bundle file. Customers who install Rally on premises have the option to generate their own certificate, purchase a certificate from a third party vendor, or use the Rally certificate that is installed by default. If the domain owner of the URL does not match the owner of the SSL certificate, you may see an error from your browser warning you of the mismatch. Access to the Rally Web Services API may also be hindered if the domain owner of the URL does not match the owner of the SSL certificate. If your users are comfortable with understanding why the mismatch exists, you may click through the error window and continue with your application experience. If you wish to avoid receiving the error, then you will have to generate a certificate for your company domain and install it using the SSL Certificate tab in the Server Settings area of the Rally administration console:


33

Rally On-Premise Guide Install an SSL Certificate: 1. Generate or purchase your certificate (this should be a single root or unchained certificate) and copy your certificate (.cert) and key (.key) files to the Rally server. Copy them to a convenient place where you may easily access them for installation. A “how-to” section on creating the files needed is available at the end of this section. IMPORTANT: Do not create a password for your key file. If you create a password for your key file, the Apache web server will try to prompt you for the password, and you will be unable to supply it via the console interface. 2. Click Server Settings on the Feature Menu. 3. Click the SSL Certificate tab. 4. Click the Choose File button next to the SSL Certificate indicator to locate your SSL certificate (.cert) file. 5. Click the Choose File button next to the SSL Key indicator to locate your SSL key (.key) file. 6. If your SSL Certificate is a chained certificate, click the Chain Certificate File check box. Click the Choose File button next to the SSL Certificate Bundle indicator to locate your SSL Certificate Bundle file. 7. Click the Upload button to upload and install your certificate and key files. 8. Restart the server. (See the Restart Server section of this guide.)

34


Rally On-Premise Guide Restore Default SSL Certificate:

If you would like to return to the default SSL certificate: 1. Click Server Settings on the Feature Menu. 2. Click the SSL Certificate tab. 3. Click the Restore Default Certificates link at the bottom left of the SSL Certificate page.


35


Creating SSL Certificate for Rally On-Premise from a third party vendor: **This how-to assumes the openssl command is available on the system used to create the private keys You don't need to be on the Rally machine to do this, but the steps below were created using a Linux machine. The steps may be different using a Windows machine with OpenSSL.** 1. Generate a private key openssl genrsa -des3 -out www.mydomain.com.key 1024 2. Generate a Certificate Signing Request (this certificate will be used to generate our ssl certificate on the third parties site.) openssl req -new -key www.mydomain.com.key –out www.mydomain.com.csr 3. Remove Passphrase from Key cp www.mydomain.com.key www.mydomain.com.key.org openssl rsa -in www.mydomain.com.key.org -out

www.mydomain.com.key

4. Submit your request to your third party vendor. The SSL certificate that is obtained should be a single root or unchained certificate. 5. After submitting your CSR to a third party vendor they will send you a crt file. This file will used in combination with the key we generated in step 1, to upload to our On-Premise image. 6. Use the crt file the vendor sends you in combination with the key file you generated to upload to your On-Premise Image.

36



Java Keystore The Rally On-premise LDAP solution supports the ability to connect to an LDAP server over an SSL connection. Before the server can connect securely, the certificate of this server will need to be imported into the Java keystore located on the Rally On-Premise instance. To get started, locate the SSL certificate used by your LDAP server and copy it to a machine that has access to the “Rally On-Premise Control Panel”. Once this is complete follow the instructions below. Adding Public Keys 1. Navigate to the “Keystore” page on the Rally Control Panel under “Server Settings” => “Java Keystore”. 2. Click the “Browse” button and select the certificate file from the LDAP server, then click Upload. 3. Once the upload has completed, the Rally Application will need to be restarted before the certificate can be used for LDAP Authentication.

Viewing Content of a Key After a user has uploaded a key, the user can click on the “View Contents” link and verify that the correct key has been uploaded. Deleting a Key If a user decides a key is not needed anymore for Authentication, or by mistake uploaded an incorrect key, the user can click on the “Delete” link. After deleting the key the user needs to restart the Rally Application for the key to be deleted from the application server cache. © 2013 Rally Software Development Corp.

37


Server Diagnostics Current Server Status The Current Server Status page provides a snap-shot of the Rally On-Premise machine. The page provides the current disk usage, current memory usage and the usage of the database on the system. You may download the database usage output if needed to send to Rally Support.

38



Search Service Status If the Search Service has been enabled the Search Service status will be displayed at the bottom of the Current Server Status page. This section displays current settings, the index directory size, next and last scheduled index optimizations and a link to download the Search Service logs should the need arise to review them or send them to Rally Support.


39


Network Settings The Network Settings tab provides a listing of the current network settings on the Rally OnPremise machine.

40



Ping The Ping tab provides the Ping utility for network troubleshooting purposes.

Enter a computer name or IP address for a host you are trying to reach. Select the number of times to run the Ping command and then Click the Ping button. If you have selected more than one as the number of times to run the Ping command, the output may be delayed as it waits for the Ping command to complete before displaying the output.


41


TCP/IP The TCP/IP tab provides access to the netcat utility (similar to telnet) to assist with network troubleshooting.

Enter a fully qualified computer name or IP address for a host you are trying to reach and a port number and then click the Connect button. The utility will attempt to connect to the destination and will provide the result message in the TCP/IP output box. It may take a few seconds for the results to show in the output box.

42



Email Test The Email Test page provides the current status of Sendmail on the Rally On-Premise server, the current size of the Sendmail queue, and a way to test sending an email.

To send a test email, enter the to and from addresses in the provided fields and then click on the Test Email button. A test email will be sent from the Rally server. The Sendmail log file will appear in the Email Test section of the form. It may take 3 seconds or so for the log to appear as the page will search the Sendmail log file for the recipient of the email and today’s date to display the status of the test email.


43


Upgrade Rally Rally releases updated software builds approximately quarterly during the year. Information about the releases and other important news can be accessed by subscribing to the Rally OnPremise Blog at, http://www.rallydev.com/onpremblog/. You may deploy each release at your convenience. Rally Technical Support will provide support for the currently released build of the Rally application.

Bring up a new Rally VMware Machine. Most upgrades need to be done in this fashion due to changes to the Rally VMware image: Bring up new version in parallel with old version (Recommended) 1. Follow the instructions starting on page 5 of this guide to install the new version of Rally on your VMware server. 2. When asked for the IP address, enter a new IP for this new instance. 3. Follow the instructions to configure the Rally application and also import the license key per page 19. 4. Restart the new Rally Application so changes will take effect. 5. Follow the instructions starting on page 13 to backup (Export) the old instance of Rally from the old instance Control Panel. 6. From the Control Panel of the new instance, Import (Restore) the file you exported above into the new version of Rally, instructions start on page 14. 7. You may then verify all is working as expected with the new instance. 8. Be sure to schedule the backups and configure the email (page 16 and page 24). 9. Update your DNS settings (or advise users of the new IP) to point to the new IP address being used by the new instance of Rally 10. Shut down the old instance on the VMware server. Shutdown old version then bring up new version 1. Follow the instructions starting on page 13 of the installation guide to backup (Export) the old instance of Rally. 2. Shutdown the old instance of Rally 3. Follow the instructions starting on page 5 of the installation guide to install the new version of Rally on your VMware server. 4. When asked for the IP address, use the same IP as the old instance of Rally or setup the new IP information.

44


Rally On-Premise Guide 5. Follow the instructions to configure the Rally app and also import the license key. The license key will be a new one that has been sent or, if still valid, the previous license can be imported. 6. Import (Restore) the file you exported in step 1 into the new version of Rally, instructions start on page 14. 7. Confirm that the new instance is working and looks correct.

Perform an upgrade via the Upgrade Rally link in the Control Panel: Note: Upgrading Rally from the Control Panel can only be performed in certain circumstances. Use the steps below only if you have been told by Rally to use this upgrade approach. Otherwise, follow the steps for upgrading listed above. 1. Click Upgrade Rally on the Feature Menu. Note that the currently installed build of Rally is displayed. 2. Click Browse and navigate to the related Rally supplied *.zip file. Once selected, the file name appears in the Rally Upgrade File field. 3. Click Upload and the file uploaded to the Rally server. 4. Once uploaded click on the Upgrade button to upgrade your Rally installation to the newest build. 5. During the upgrade process, your Rally Server is restarted. After a successful upgrade, a message is displayed: Rally has been started, please wait 5 minutes before logging in.


45


Email all Rally Users The Email All Users link allows the Rally Server Administrator to send a text email to all the users that currently have an enabled account in Rally. This can be used to notify the Rally users of upcoming maintenance or other Rally related messages. It is a text based email no HTML or Rich Text is included in the email message.

The Email All Users page will attempt to send the emails to users that have an account in Rally and are currently enabled. The page will hand off the email to the sendmail server on the Rally Server to be sent. Delivery is not guaranteed and the page will only display an error in sending the email if there is a problem when creating the email and passing it to sendmail. No other error logging is done.

46



Rally Login Banner The Rally Login Banner link allows the Rally Server Administrator to enter either a Bulleted List or Message that will be displayed on the Rally Login page. No markup text (HTML or XML) is allowed. The markup tags will be displayed as entered. Bulleted List:

Displayed on Rally Login page:


47


48


Rally On-Premise Guide A 550 character message may also be entered as a Rally Login Banner:

Displayed on Rally Login page:


49


Troubleshooting Tips If you are experiencing issues, check these symptoms and try the recommended actions in the order in which they are described below:

Symptom Rally stops responding.

Backups fail. A failure message appears in output text.

Recommended Actions 1. Ping the server to verify that it is still available on the network. 2. Restart the Rally application from the control panel. 3. Restart the server. In choosing the appropriate action below, consider whether or not the backups have completed successfully in the past: 1. Try FTP-ing from another server to the server where you are storing backups. 2. Verify that firewall access is set to allow FTP or SFTP. 3. Verify that there is enough free space at your backup destination. 4. Verify that DNS is active and working.

Rally appears to be slow.

1. Check the resource allocation on your VMware server and notice if it indicates swap activity. You may need to allocate more memory. 2. Check the network via tracert or some other means to determine whether the network is congested or blocked.

The mail server is not operating.

1. Check to determine that DNS is set up correctly. 2. Check to discover if the server is attempting to relay the rallydev domain. This is usually not allowed. If this is the case, configure the masquerade option available via the control panel.

Your browser displays an error warning you of a certificate mismatch. Connecting to Rally Web Services API fails with an error similar to: "remote certificate is invalid according to the validation procedure"

An SSL certificate is not available for your domain. 50

The domain owner of the URL does not match the owner of the SSL certificate: 1. Install an SSL certificate that is registered to the same owner as the domain name.

1. A certificate is generated by default for the domain: rallyonprem. This is secure, but will produce an error if you wish to use another domain name. © 2013 Rally Software Development Corp.

Rally On-Premise Guide 2. Enable non-secure SSL. You are locked out of the Rally control panel.

1. Set up a ReadyTalk™ session. 2. Call Rally support so that they may log in and reset your password.

Cannot access the Rally Web Services API documentation from the ‘Help’ link within Rally

1. Access the Web Services documentation directly by typing the URL below into your web browser (change to the IP address or name of the server hosting your Rally tool): https:///slm/doc/webservice/


51


Enabling the Rally On-Premise LDAP Module Introduction Before getting started you will need the following: 1. A Rally On-Premise instance, version 2011.3 or later 2. The Rally license key with the LDAP Module enabled 3. If using an SSL connection to the LDAP server you will need to follow the steps in the Java Keystore section of this document to upload the SSL certificate from the LDAP server to the Rally Java Keystore. 4. Access to an LDAP Server with Read/Write Permissions and the connection information. There is a worksheet at the end of this guide, “Rally On-Premise LDAP module worksheet”, that can be sent to your LDAP administrator to provide the necessary information to connect to the LDAP Server. 5. An LDAP browser client is recommended to help with finding the correct locations of nodes within a LDAP Directory. ( optional: a free client, LDAP Browser 4.5 http://www.ldapadministrator.com/download.htm ) 6. Access to a machine with Ruby installed

Setup Rally 1. Load the Rally On-Premise image into a VMware server. 2. Install the new Rally license key, with the LDAP Module enabled, from the Control Panel via the “Licensing” page. 3. After the license has been installed, restore a current copy of your existing database using the “Restore” feature under “Backup/Restore”. Or, if you are installing Rally for the first time, restart the Rally Application by clicking on the “Rally Services” link and then clicking the “Restart” button for the new license key to be loaded. 4. Ensure the DNS Settings entries have been filled in and saved on the “Network Settings” tab so that the LDAP Hostname will be properly resolved.

52


Rally On-Premise Guide 5. Login to Rally as a Subscription Administrator or use the default Subscription Administrator login, [email protected] to create a new Workspace in Rally. Name this new Workspace, “Rally LDAP” (or whatever naming convention is acceptable in your environment). Click on ‘Setup’->`Workspaces & Projects’->`Actions’->`New Workspace…’ to create the new Workspace.

6. Once the new Workspace is created and Saved, click on the “plus” icon next to the Rally LDAP Workspace that was created on the Workspace & Projects tab and then click on the “edit” icon at the end of the “Sample Project” row to edit the name of the Project. 7. Rename the Project to “Rally LDAP Project” (or whatever naming convention is acceptable in your environment). Save & Close.

8. Click on the “Users” tab and create a new Rally User that is a Subscription Administrator or Workspace Administrator (if your Rally Subscription allows Workspace Administrators to add new users).


53

Rally On-Premise Guide 9. You may set the User Name to whatever you choose as long as it is in a valid email address format. Then set the email address to a valid email address so that the Welcome email for this newly created user will be sent to you so a password can be set on the new account. The LDAP Sync process will run as this user to login to Rally and create the new Rally users.

10. Logout of Rally as the Subscription Administrator and login to Rally as the user created above. You should receive an email with a link to set the password. 11. Click on the user name link in the upper right hand corner and then click on the “Edit Profile…” button in the upper right hand corner.

54


Rally On-Premise Guide 12. Set the Default Workspace and Project for the user to the Workspace/Project created in steps 5 & 7. This will be the default Workspace/Project to which newly created users will be assigned when the LDAP Sync process is run. If this is not done, newly created users will be assigned to the first available Workspace/Project associated with the Rally User account used when running the Rally LDAP Sync process. An existing Rally Subscription or Workspace Administrator may be used for this process, however, it will be necessary to set the appropriate Default Workspace on this user account so new Users are created with the appropriate initial Workspace/Project permissions.


55


Setup your LDAP Environment 1. If you are an existing Rally On-Premise customer, follow these steps to update the Rally Subscription with the LDAP Usernames for currently existing users. If this is a new installation of Rally On-Premise, please skip to the “Enabling LDAP on Rally On-Premise” section of this document. 2. Create a unique Rally Group on your LDAP Server 3. Update the LDAP server so the current Rally Users are members of the newly created “Rally” LDAP group (These users should already exist in your Rally Subscription) 4. Before continuing, please have the following setup: • A machine with ruby 1.8.5 or higher running with the following Ruby Gems: rally_rest_api, fastercsv, & builder • Copy the “user_load_script.rb”, which should be available for download from the same location as the Rally On-Premise download or provided to you by the Rally Support Team, to the machine containing Ruby 5. Once the Rally application has started, login as a Subscription Administrator for your Rally Subscription or use the default Subscription Administrator login, [email protected] 6. Navigate to the Setup -> Users tab 7. Ensure “All Users” is selected in the dropdown box in the upper left corner 8. Click on the Page Tools dropdown and select “Export as CSV”

56


Rally On-Premise Guide 9. This export will generate a User export CSV file. Edit this file such that the user email addresses are in the first column and in the second column enter the users “LDAP Username” associated with this email. You should remove the [email protected] user from this list if the user still exists in your Rally Subscription. Remove any additional data left over from the edit. The file should be similar to the format in the example below. Example CSV format for the “user_load_script.rb” (email address,ldapname): [email protected],fharrison [email protected],sjohnson [email protected],krobinson 10. Copy the CSV file created in the previous step, to a machine with the “user_load_script.rb” installed. Prior to running the script, edit the “user_load_script.rb” and adjust the following values to fit your environment: rally_url = https:///slm (Address of the Rally Installation) rally_user = Rally Subscription Administrator or account rally_password = Rally Password filename = (Location and name of CSV file) 11. Execute the “user_load_script.rb” by running “ruby user_load_script.rb”. Once the script has completed, the Rally users are now associated with their corresponding LDAP login name. You may confirm this by checking that the “On-Premise LDAP User Name” field has been populated in the user’s profile.


57


Enabling LDAP on Rally On-Premise 1. Prior to Enabling LDAP on the Rally On-Premise system, you will need information about the LDAP environment at your company. There is a worksheet at the end of this guide, “Rally On-Premise LDAP module worksheet”, that can be sent to your LDAP administrator to provide the necessary information to connect to the LDAP Server. 2. The Rally server can now be configured for LDAP Authentication by logging into the “Control Panel” and navigating to: Server Settings -> LDAP Settings

Description of each user-input fields: LDAP Hostname: Requires the fully qualified Host name of the LDAP server Port: The port number the LDAP server is listening on, typically “389”

58


Rally On-Premise Guide Enable LDAP over SSL: Checking this box will allow your Rally application to connect to the LDAP server using SSL. The Port number may need to be updated as well if using SSL. For further information about importing a certificate to the Rally On-Premise server to be able to use LDAP over SSL, please see the “Java Keystore” section of this document. Select LDAP Vendor: This dropdown box allows you to select the vendor of your LDAP server. The available options are Active Directory, Oracle Internet Directory (10g or 11g), and Oracle Directory Server 11g. Bind Username DN: The Bind Username field is used for authenticating to the LDAP server, this field needs the fully qualified name. Example: CN=LdapReadonly,CN=Users,DC=rallydev,DC=com Bind DN Password: Password for the bind user LDAP Tree Base DN: This field is the Top Level Tree node of the LDAP Directory where your users/groups are located. Example: CN=Users,DC=rallydev,DC=com User Name Attribute: The username attribute is the attribute that lives on the LDAP server, which should be a globally unique identifier within the directory. Once users are populated they will use the value of this attribute as their login name. Example: samaccountname LDAP Group Management Note: Group Management is not required if you choose authentication with username and password only. Require membership in an LDAP group: This checkbox is selected by default. Unchecking the box confirms that users will be logged in via authentication only. If you disable the group membership option, the LDAP user syncing service will no longer be available. Users authenticating with Rally will no longer be required to have membership in a specific LDAP group. Group Name: The group you created in step 2 of “Setup your LDAP Environment” on your LDAP server which contains the users you would like to allow access to Rally. Example: CN=RallyGroup,CN=Users,DC=rallydev,DC=com Group Attribute: The Group Attribute for your LDAP Server. Generally, memberOf is used with Active Directory and isMemberOf, member, or uniqueMember is used with Oracle products. You will need to check with your LDAP Administrator to determine which one is in use in your environment. LDAP Synchronization Note: LDAP synchronization requires LDAP Group Management.

Enable LDAP Synchronization Service: Enabling this feature will schedule a sync of any newly added users from the LDAP Rally Group to the Rally Application. This sync is scheduled to occur every 15 minutes. Run LDAP Synchronization Immediately after “Save Settings”: Checking this box will force a sync to run right after saving your LDAP settings. © 2013 Rally Software Development Corp.

59


Rally Username: The Rally Subscription Administrator or Workspace Administrator account that will be used to create new Rally users. Rally User Password: Password for the Rally Subscription Administrator or Workspace Administrator. Test Connection: Once the LDAP Hostname, Port, Bind Username DN, Bind DN Password, and Group Name have been entered, you may use the ’Test Connection’ button to test the LDAP connection from the Rally Server. The test will first try to bind to the LDAP Server then attempt to search for the Group Name on the LDAP Server. Disable LDAP & Restart Rally: Deletes the LDAP Authentication settings on the Rally Server and the Rally Application is restarted to disable LDAP Authentication and enable the Rally Application Authentication. 3. Save the LDAP Settings by clicking the Save Settings & Restart Rally button. 4. The Rally Application will be automatically restarted which will enable LDAP Authentication. Once the Application has been restarted all provisioned users will now be able to login using their unique LDAP username and password.

Running the LDAP Sync The LDAP sync runs several services to update the Rally user accounts based on the specified LDAP group and the LDAP vendor. The sync will first query LDAP for all the users in the specified LDAP group. It will then check to make sure all the users in that group are in Rally and that the accounts are enabled in Rally. A check is then done for enabled Rally accounts that do not exist in the specified LDAP Rally user group. If there are accounts in Rally that are not in the LDAP group, the Rally accounts are disabled. If you are using Active Directory a second service (Service 2) is run to disable any Rally user accounts that have been disabled in Active Directory, whether or not they are in the specified Rally group in LDAP. The second service will not be run for Oracle LDAP servers. An example of the log output when an LDAP sync is run using Active Directory is below.

60



An example of the output for the second service when running the sync against an Oracle LDAP server is below.

Backup and Restore of LDAP Settings The LDAP settings will be saved during a Backup of the Rally On-Premise Server. Once the LDAP Module is enabled or if the LDAP Settings are updated, perform a Backup of the Rally OnPremise Server from the Backup/Restore link on the Control Panel to ensure that the proper LDAP settings are captured and not overwritten by a restore containing outdated LDAP connection information.


61


Rally Idea Manager & Rally Support Manager Integration The documentation for the Rally Idea Manager and Rally Support Manager Integrations are supplied in a separate zip file: Rally-Manager-Integration.zip The file is located at the same location where the Rally On-Premise Installation Guide was downloaded.

62



Rally On-Premise Blog Be sure to sign up for the Rally On-Premise Blog for information on upcoming releases, current news and discussions on the direction of the Rally On-Premise solution. http://www.rallydev.com/onpremblog/

Contacting Technical Support If you encounter any issues or require additional service, please email Rally Support at [email protected] .


63


Rally On-Premise LDAP Module Worksheet LDAP Hostname:________________________________________________ Fully-qualified Host a name of the LDAP server, i.e. directory.mycompany.com

LDAP Port:_____________________________________________________ Port that LDAP server listens on. Typically 389, If LDAP over SSL, 636

LDAP SSL-Enabled? LDAP Vendor and Version: ________________________________________ Example: Oracle Identity Server 11g, Active Directory

LDAP SSL Certificate to Load into Rally Keystore? LDAP Bind Username DN: _________________________________________ Example: CN=myLDAPUser,CN=Users,DC=mycompany,DC=com

LDAP Tree Base DN: _____________________________________________ Example: CN=Users,DC=mycompany,DC=com

LDAP User Name Attribute: ________________________________________ Example: sAMAccountName, uid

LDAP Group Name for Rally Users: __________________________________ Example: CN=rallygroup,DC=mycompany,DC=com

LDAP Group Attribute: ___________________________________________ Example: member, memberof, uniquemember

Before the Rally Administrator turns on LDAP, LDAP Administrator please: 1. Add the Rally Users to LDAP Rally Group 2. Make sure LDAP Server is set to accept connections from Rally Server 3. If LDAP over SSL, provide LDAP Server’s SSL Certificate to Rally Administrator for import into keystore.

64
