Installing and Configuring IQService
IQService, also referred to as the Integration Service, is a native Windows service that enables Identity Security Cloud to participate in a Windows environment and access information only available through Windows APIs.
It is a lightweight service that must be installed on any supported Windows Server that has connectivity to the target systems you want to manage in Identity Security Cloud.
Prerequisites
Installing IQService
-
Download the Integration Service from Identity Security Cloud via a source that requires it.
-
Run the following commands to install a Windows service named IQService.
-
To install IQService so it communicates with Identity Security Cloud on a non-TLS port:
IQService.exe -i
This command installs an instance of IQService named IQService-Instance1 and on port 5050 (if available).
-
To install IQService so it communicates with Identity Security Cloud on a TLS port:
IQService.exe -i -o <TLS Port Number>
This command installs an instance of IQService named IQService-Instance1 and on the given TLS port number.
Note
For more details on the requirements and procedure to set up TLS Communication and Client Authentication, refer to Configuring TLS and Client Authentication for IQService. -
To install IQService so it communicates with Identity Security Cloud on both TLS and Non-TLS ports:
IQService -i -p <Non-TLS Port> -o <TLS port>
This command installs an instance IQService named IQService-Instance1 and on the given TLS and Non-TLS ports.
-
-
Unzip the downloaded IQService.zip archive into the created or desired location. For example,
C:\SailPoint\IQService\
Note
Verify the DLLs are trusted by checking the properties of the DLL files. -
Start the service either from the Services Applet or from the command line by running the following command:
IQService.exe -s
Registering IQService
The IQService.exe -i
command installs and registers the service with the new registry path HKEY_LOCAL_MACHINE\SOFTWARE\SailPoint\IQService Instances\IQService-Instance1
with the following keys:
Keys |
Description |
---|---|
port |
Port to listen |
tracefile |
Path to the tracefile |
tracelevel |
0 (off) 3 (verbose) |
maxTraceFiles |
Maximum number of Trace log files that must get created before overwriting the older files |
traceFileSize |
Maximum file size of a trace file in bytes. A new file is created when the current file exceeds this limit |
clientAuthUsers |
If you configure IQService with client authentication, the IQService user is displayed with this key. |
tlsPort |
If you configure the TLS port, the IQService is set up for the communication over TLS. |
The IQService accesses only the IQService-related keys in the registry editor, and installs or uninstalls successfully.
Upgrading IQService
To upgrade, you must uninstall the previous version and then install the new version.
SailPoint also recommends backing up the current installation before uninstalling to aid with troubleshooting the new version, should issues arise.
-
To determine the existing (old) version, run the following command:
IQService.exe -v
-
To uninstall the existing (old) version, run the following command:
IQService.exe -u
-
Run the following command to install a new version:
IQService.exe -i
Upgrading IQService to the Latest Version
-
Take the backup of the existing IQService installation.
-
Stop the service either from the Services Applet or from the command line by running the following command:
IQService.exe -k
-
Uninstall IQService using the
IQService -u
command. -
Extract the latest IQService in the installation directory.
-
Install the new IQService using the
IQService -i
command. -
Start the IQService.
Note
If you have executed the IQService Public Key Exchange task for the existing IQService then SailPoint recommends that you follow the instructions mentioned to install and register a new IQService.