Loading TOC...
Common Criteria Evaluated Configuration Guide (PDF)

Common Criteria Evaluated Configuration Guide — Chapter 3

Installing MarkLogic Server in an Evaluated Configuration

This chapter describes the steps needed to install MarkLogic Server in an evaluated configuration.

Ensure that All TOE Requirements Are Met

As described in TOE Requirements, all of the requirements for the target of evaluation must be met. In particular, make sure that the platform is supported in the evaluated configuration (see MarkLogic Server TOE Platform) and make sure none of the excluded features are being used (see Not Allowed in the TOE). As noted in Section 1.2 of the Installation Guide, MarkLogic Server assumes it has all the resources of the machine on which it is installed available to it. As such, ensure prior to installation there are no general-purpose computing capabilities (e.g., compilers or user applications) available on the TOE platform, other than those services necessary for the operation, administration, and support of the TOE.

Download the TOE

Download the TOE from developer.marklogic.com/download. Ensure that the TOE version is the same as described in TOE Requirements.

Once downloaded, if you have a current maintenance contract with MarkLogic, you can contact MarkLogic Technical Support to get the SHA-256 hash corresponding to the installation binary you downloaded. MarkLogic Technical Support will supply you with the SHA-256 hash as well as instructions to verify the download corresponds to the appropriate SHA-256 hash.

Run Installation Process

Run the installation process as described in the Installation Guide. When it is time to enter the license key, make sure you have a license key for Essential Enterprise. Contact your sales representative for information about obtaining a license key. If you have an active maintenance contract, you can also contact MarkLogic Technical Support for help.

When the installation prompts you for a username and password for the initial user, what you enter will be the username and password for the initial authorized administrator for your evaluated configuration. Additionally, it prompts you for the realm (set to public by default), which is used in calculating the digest passwords--any subsequent change in the realm would invalidate all existing passwords. As the authorized administrator is assumed to be non-hostile, make sure you take the appropriate precautions with guarding the credentials of this authorized administrator.

Configure the Admin App Server to Use HTTPS

After completing the installation and starting MarkLogic Server, perform the following steps to configure HTTPS on the Admin App Server:

  1. Log into the Admin Interface by accessing port 8001 on a host in which MarkLogic Server runs (for example, http://my-server:8001).
  2. Select Clusters > host-name and ensure that FIPS-mode is enabled. If it is not enabled, then enable it.
  3. Select Groups > Default > App Servers > Admin from the left tree menu.
  4. Follow the procedures in Configuring SSL on App Servers in the Security Guide to configure SSL on the Admin Server.
« Previous chapter